Re: [Bastille-linux-discuss] Debian/CVS questions
From: Jay B. <ja...@ba...> - 2001-11-26 16:08:41
Let's keep trying to work these issues out for now. If we're in any way
worried about whether Javier understands the (necessarily) complex firewall
setup (1), we can use the requires tags to remove the firewalling step for
Debian until we take care of it.

Outside of that, I'm going to fire up a Debian test system to test out the
code. What I found in my code audit of Javi's work was that there were
actually very few changes, outside of file locations. With hope, this is
because Debian is so Red Hat-like that little other code is necessary. On the
other hand, if hope gives way here, we'll look at the options together.

- Jay

[1] DHCP-based firewalls....ugh....

In the wise words of Peter W:
> On Sat, Nov 24, 2001 at 09:11:25AM -0800, Jay Beale wrote:
>
> > I've committed the diff to CVS. I took the precaution of laying down
> > "pre-debian-merge" tags, just in case.
> >
> > Not to sound under-cautious...I actually read through the entire diff
> > before committing any of it. The code looks rather clean and, as Javier
> > says, makes only one major (and welcome) change to Bastille's running.
>
> Looks like there is some cleanup to be done, at least in Firewall/TMPDIR
>
> - bastille-tmpdir.sh and bastille-tmpdir.csh should *not* have bang lines
>   at the top; they're not standalone scripts; they're meant to be sourced.
>   Since the sole purpose of bang lines is to help the OS figure out what
>   app to hand the script to, it doesn't make much sense to add them to
>   things like config files and scripts that should only be sourced. This
>   is a convention that at least Red Hat seems to follow; look at the
>   other scripts in /etc/profile.d
>
> - does Debian even have/use /etc/profile.d ? On the one Debian system I
>   help run, we had to create /etc/profile.d and modify /etc/profile to
>   look at profile.d (similar would need to be done to /etc/csh.login)
>
> - bastille-firewall-schedule: how does Debian handle DHCP configuration?
>   While this is less of an issue with kernel 2.4, I would like to be sure
>   that we've got the rebuild-firewall-at-lease-renewal logic working
>
> - bastille-firewall-reset: hardcoded for /etc/rc.d/init.d; probably needs
>   to be "fixed" by Firewall.pm at install time, much as the b_place()
>   function in bastille-firewall-install.sh does
>
> -Peter, who can't even log in to his VMWare/Debian 2.2r2 install :-(

--
Key: http://www.bastille-linux.org/jay/less-secure-key
Fingerprint: 1024D/DA510269 2001-06-23 Jay Beale (Not So Secure Key) <ja...@zo...>
Key fingerprint = 7298 E23D 621D ED80 FB32 9663 8B3F 9A87 DA51 0269
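
An added example, not part of the original thread and not Bastille's own code, illustrating the two profile.d points in the quoted review: a check that flags sourced-only snippets carrying a bang line, and the loop /etc/profile needs on a system that does not already read /etc/profile.d. The function names and the sample files are constructed for illustration.

```shell
# Added example: function names and sample files are constructed for illustration.

# has_bang_line FILE: succeed if FILE's first line starts with "#!".
has_bang_line() {
    first_line=''
    { IFS= read -r first_line < "$1"; } 2>/dev/null || :
    case $first_line in
        '#!'*) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit_sourced_dir DIR: list sourced-only snippets that carry a bang line.
audit_sourced_dir() {
    for snippet in "$1"/*.sh "$1"/*.csh; do
        [ -f "$snippet" ] || continue
        if has_bang_line "$snippet"; then
            echo "bang-line: $snippet"
        fi
    done
}

# load_profile_d DIR: the loop /etc/profile needs when the distribution does
# not already read DIR; each *.sh file is sourced into the current shell.
load_profile_d() {
    [ -d "$1" ] || return 0
    for snippet in "$1"/*.sh; do
        if [ -r "$snippet" ]; then
            . "$snippet"
        fi
    done
}

# Constructed sample directory standing in for /etc/profile.d.
demo_dir=$(mktemp -d)
printf '%s\n' 'DEMO_TMPDIR=/tmp/demo-user' 'export DEMO_TMPDIR' > "$demo_dir/clean.sh"
printf '%s\n' '#!/bin/sh' 'DEMO_FLAG=1' > "$demo_dir/banged.sh"
audit_sourced_dir "$demo_dir"    # flags banged.sh only
load_profile_d "$demo_dir"       # both load: "#!" is an ordinary comment when sourced
echo "DEMO_TMPDIR=$DEMO_TMPDIR DEMO_FLAG=$DEMO_FLAG"
rm -rf "$demo_dir"
```

The loader only picks up `*.sh`; csh snippets would need the equivalent loop in /etc/csh.login.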