[Bastille-linux-discuss] Dropping support for older OS releases
This tool locks down Linux and UNIX systems.
From: James W. D. <jwd...@tw...> - 2003-08-23 03:11:45
I was reading through Peter Watkins' stand-alone distribution of the Bastille firewall scripts (which I use on some systems that I harden in ways other than strictly using Bastille), when I got thinking about the overhead of carrying support for older OS releases in the current (and future) releases of Bastille.

It's been quite a while, chronologically, since a version of Linux didn't offer iptables support. Peter's scripts would certainly be a good bit smaller without the ipchains support they still include. Might it be time to start considering dropping support for older features and older versions of Linux?

Now ipchains and the Bastille firewall scripts might be a bad example. It's been a good while since the first Linux releases with iptables support were delivered, but it's not been all that long I guess. But, Bastille supports Linux versions that are MUCH older than that. What is our overhead to handle this? Is it worth considering trimming some of that overhead?

This is really a question, as I've not dug through the code to try to answer it. But I figured I would ask, lest I forget it by the morning :-)

Just to (potentially) bolster the argument, how would the HP folks like to include HP-UX 9.X support? HP-UX 8? Hell, if Red Hat can sundown just about everything they've released, shouldn't we ;-)

--
James W. Durkin
jwd...@tw...