From: Heiko Z. <he...@zu...> - 2004-10-30 02:58:58
|
Bruce Smith wrote: >>>I have some ideas about a server .config profile I'd like to run by you, >>> >>> >>I thought we already did? Anyhow, you can do it if you maintain the config >>file. >> >> > >I've been thinking and talking about it, but haven't done it yet. > >First I need to decide how to configure the security settings. >Getting rid of grsecurity is a given, but what about the other ones? > >I see a "server" as something that should run as fast as possible, >so how much of a performance hit are the other security options? >Any idea? Or should I just remove them all? > > I'm not sure if it is wise, I would at least keep the ssp. >And, if we create a "server", should we remove some services from the >default profile? Maybe drop some stuff that really shouldn't be run on >a firewall, like samba, etc? Or drop the default profile and only have >a router profile and a server profile? > > I would not change the default profile. Maintaining one more profile (like router) I would not do, because of the work it will cause. >Essentially switch to a firewall release AND a server release, and not >combine the two? Or add the server option and leave the others alone? > > > I'd say add server, leave others alone. The router profile is not maintained right now, so you can get rif of it if you want. >>>if it's not too much work to add another one. >>> >>> >>I was thinking about dropping support for i486 in the 1.3 series and for >>that only providing a i586-SMP. >> >> > >Sounds good to me! A i586-SMP firewall, and a i686-SMP server release? > > > i586-SMP default i686-SMP server sounds good to me. >>>I could also help with some of the compiling and uploading if you like. >>> >>> >>Oh I would certainly appreciate that ! >> >> > >You'll have to tell me the steps you follow to compile the official >releases (along with stuff on how to get rid of the date as part of the >release number, etc.) > > That's easy, let's do it offline. >Of course that's assuming I can still compile DL ... I just upgraded >all my desktops to SuSE 9.2 and haven't tried a DL compile yet. :-) > > Please give us a report, I was thinking about buying 9.2 too. -- Regards Heiko Zuerker http://www.devil-linux.org |