RE: [Bastille-linux-discuss] routing daemons
From: BUCK,KEITH (HP-FtCollins,ex1) <kei...@hp...> - 2002-04-25 14:39:57
Sweth wrote:
> Just to clarify, the actual questions are:
>
> QUESTION: "Would you like to deactivate the routing daemons? [Y]"
> QUESTION: "Would you like to use gated instead of routed? [Y]"

right...I had copied in the short explanations instead of the questions.

> So I think what's intended below is that, if the person
> has answered N to "routing" and N to "gated", then they have
> elected to have some sort of routing enabled, and to not have that
> routing be gated; therefore, gated should be shut off, as it is here:
>
> So, is routing enabled by default on most Linux distros?

Actually, the case I'm looking at is that neither question was answered at
all, since on HP-UX the question doesn't yet make sense. Still, it's running
chk_config_off, which has somewhat undefined behavior on HP-UX.

> The way the questions are phrased, I think it would
> also make sense to have Bastille make sure that routed/gated are enabled
> after disabling the unwanted one, but I don't like the idea of Bastille
> enabling non-security-related services. Maybe we can clarify by changing
> the LONG_EXP to indicate that answering Y for the "gated" question will
> disable routed, but that it is the admin's responsibility to enable
> gated if necessary, and that, similarly, answering N will disable gated,
> but the admin will still need to enable routed manually if so desired.

So, you're advocating that any user who runs Bastille must make a change to
their system (even if they answer all "N"'s), and that they have no option
to keep their current router (I don't know what the benefits of routed over
gated are, but if there weren't any, then it wouldn't be used by anyone in
the first place).

I definitely agree that a wording clarification is in order, and I agree
that Bastille should not enable either routed or gated.

We'll have to do something about OS's for which the question doesn't make
sense (at least not yet), and I'd like to make sure that the behavior is
consistent on Linux too.

Thanks for your comments.

-Keith
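As an added illustration of the behaviour discussed in this thread (this is not Bastille's own Perl code), the decision logic below distinguishes an answered "N" from a question that was never asked, so that an unsupported OS never falls through into the disable path, and it never enables a daemon; the answer keys, the UNANSWERED sentinel and the apply_routing_answers() helper are hypothetical names.

```python
# Model of the routed/gated decision from the Bastille discussion.
# Hypothetical names; not the project's code. The point being modelled:
#  - "deactivate routing daemons" = Y  -> disable routed and gated
#  - "deactivate" = N, "use gated" = Y -> disable routed only
#  - "deactivate" = N, "use gated" = N -> disable gated only
#  - a question that was never asked (e.g. on HP-UX) -> do nothing
# Bastille only ever turns daemons off here; enabling the chosen one is
# left to the administrator, as agreed in the thread.
from typing import Callable, Dict, List, Optional

UNANSWERED = None  # hypothetical sentinel for a question that was skipped


def routing_actions(answers: Dict[str, Optional[str]]) -> List[str]:
    """Return the daemons that should be disabled for these answers."""
    deactivate = answers.get("deactivate_routing", UNANSWERED)
    use_gated = answers.get("use_gated", UNANSWERED)

    if deactivate is UNANSWERED:
        return []  # question never asked: touch nothing at all
    if deactivate.strip().upper() == "Y":
        return ["routed", "gated"]  # no routing daemon wanted
    # Some routing daemon is wanted; only the "gated" answer picks the loser.
    if use_gated is UNANSWERED:
        return []
    if use_gated.strip().upper() == "Y":
        return ["routed"]  # gated chosen; admin enables gated if needed
    return ["gated"]  # routed chosen; admin enables routed if needed


def apply_routing_answers(answers: Dict[str, Optional[str]],
                          disable: Callable[[str], None]) -> List[str]:
    """Call disable() only for daemons the answers actually select.

    In the HP-UX case from the thread, an unanswered question must not
    reach the disable callback (the chk_config_off equivalent) at all.
    """
    selected = routing_actions(answers)
    for daemon in selected:
        disable(daemon)
    return selected


if __name__ == "__main__":
    # Constructed sample: the HP-UX situation, nothing answered.
    calls: List[str] = []
    print(apply_routing_answers({}, calls.append), calls)  # [] []
```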