[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Old question: what is SUSE going to do with harden_suse / Bastille



> On Saturday 25 October 2003 16:19, Bo Jacobsen wrote:
> > I agree 100%. They need an install option named firewall, or some thing
> > like that, that leaves out ANY stuff that should not run on a firewall. I
> > actually find it a little strange that they have not implemented that a
> > long time ago, since security has been a hot topic for a long time now.
> 
> Why not quite simply try out OpenBSD if you want to use a machine as a 
> firewall? Security patches for OpenBSD are source only, so in your case you 
> would need a second computer for making binaries for your firewall. I'm quite 
> sure that quite a few readers on this mailinglist runs heterogenous networks.

Funny you should mention that, I have actually ordered OpenBSD 3.4,  4 days ago.

> 
> > The normal SuSE installation even have world-read
> > permission on all files in /root  !!!. I find that more then a little open.
> 
> The directory /root is readable only by root, unless you changed it's 
> permissions.

You are right, it's not so for /root (thank god), just the subdirs.

> > Actually, SuSE's lack of priority on basic system secutity tools, has
> > forced me to start looking at other systems like FreeBSD etc.
> >
> > Bo
> 
> I'm not quite sure what you mean by "lack of priority on basic system secutity 
> tools" in SuSE. SuSE does a quite a decent job in this respect. And if you 
> need a more recent version of, say, nmap, the "make" is still available.
> 
> /Sigfred
 
I'm not dissatisfied with SuSE as such, but SuSE are more and more focused on 
usability (which may I add, they are very good at) then security. I have used SuSE 
since ver. 5.0 (or was it 4.2, I don't remember) for all kinds of things, but you are 
right, I have to start using different OS's for different purposes.

Bo


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here