-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: 21 August 2000 05:05
To: Steven Thompson
Cc: security@suse.de
Subject: Re: [suse-security] LIDS & OPENWALL Combo kernel patch
Hi
SuSE recommends recompiling your kernel with the OpenWall Patch for firewall servers.
Who said that?
# Copyright (c) 1999,2000 SuSE GmbH Nuernberg, Germany. All rights reserved.
#
# Author: Marc Heuse , 1999,2000
# Please contact me directly if you find bugs.
#
# If you have problems getting this tool configured, please read this file
# carefully and take also a look into /usr/doc/packages/firewals/EXAMPLES !
#
# /etc/rc.config.d/firewall.rc.config
#
# for use with /sbin/SuSEfirewall version 2.1
#
# ------------------------------------------------------------------------
#
# PLEASE NOTE THE FOLLOWING:
#
# Just by configuring these settings and using the SuSEfirewall you are
# not secure per se! There is *not* such a thing you install and hence you
# are safe from all (security) hazards.
#
# To ensure your security, you must also:
#
# * Secure all services you are offering to untrusted networks (internet)
# You can do this by using software which has been designed with
# security in mind (like postfix, apop3d, ssh), setting these up without
# misconfiguration and praying, that they have got really no holes.
# SuSEcompartment can help in most circumstances to reduce the risk.
# * Do not run untrusted software. (philosophical question, can you trust
# SuSE or any other software distributor?)
# * Harden your server(s) with the harden_suse package/script
# * Recompile your kernel with the openwall-linux kernel patch
# (former secure-linux patch, from Solar Designer) www.openwall.com
# * Check the security of your server(s) regularly
# * If you are using this server as a firewall/bastion host to the internet
# for an internal network, try to run proxy services for everything and
# disable routing on this machine.
# * If you run DNS on the firewall: disable untrusted zone transfers and
# either don't allow access to it from the internet or run it split-brained.
#
# Good luck!
#
# Yours,
# SuSE Security Team
Which is better, LIDS or OpenWall, or a combination of both patches?
Will LIDS or OpenWall break any apps in SuSE 6.4?
PS: Is there a good Linux networking mailing list with support for advanced IP routing?
Thanks in advance
Steven Thompson
Thanks,
Roman.
--
Roman Drahtmüller
SuSE GmbH - Security, Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)