On Saturday 25 October 2003 16:19, Bo Jacobsen wrote:
I agree 100%. They need an install option named firewall, or some thing like that, that leaves out ANY stuff that should not run on a firewall. I actually find it a little strange that they have not implemented that a long time ago, since security has been a hot topic for a long time now.
Why not quite simply try out OpenBSD if you want to use a machine as a firewall? Security patches for OpenBSD are source only, so in your case you would need a second computer for making binaries for your firewall. I'm quite sure that quite a few readers on this mailinglist runs heterogenous networks.
Funny you should mention that, I have actually ordered OpenBSD 3.4, 4 days ago.
The normal SuSE installation even have world-read permission on all files in /root !!!. I find that more then a little open.
The directory /root is readable only by root, unless you changed it's permissions.
You are right, it's not so for /root (thank god), just the subdirs.
Actually, SuSE's lack of priority on basic system secutity tools, has forced me to start looking at other systems like FreeBSD etc.
Bo
I'm not quite sure what you mean by "lack of priority on basic system secutity tools" in SuSE. SuSE does a quite a decent job in this respect. And if you need a more recent version of, say, nmap, the "make" is still available.
/Sigfred
I'm not dissatisfied with SuSE as such, but SuSE are more and more focused on usability (which may I add, they are very good at) then security. I have used SuSE since ver. 5.0 (or was it 4.2, I don't remember) for all kinds of things, but you are right, I have to start using different OS's for different purposes. Bo