From: Dean N. <di...@ti...> - 2003-07-20 05:58:54
> > >> o Errors from postfix/postfix-script:
> > >
> > > I've never used postfix, so I can't help you with that one, sorry.
> > > Hopefully one of the other developers can look into that.
> >
> > Well, I've gotten all but two of the problems fixed (see my other email). I
> > can't do much about the missing cmp command, and I still haven't figured out
> > yet why the aliases.db file isn't being created (but at least I have a
> > workaround - I simply created and copied an aliases.db to /etc).
>
> Missing "cmp" command? It's on my DL box:
>
> root@Devil:~ # whereis cmp
> cmp: /usr/bin/cmp /usr/share/man/man1/cmp.1.gz
> root@Devil:~ # cat /cdrom/VERSION
> 0.6Beta1-2003-07-18
> root@Devil:~ #

Well, it's not on mine!

root@bedrock:~ # whereis cmp
cmp: /usr/share/man/man1/cmp.1.gz
root@bedrock:~ # cat /cdrom/VERSION
0.6Beta1-2003-07-17

And, there are a few other commands missing:

    nslookup
    dig

(I received a letter from my ISP today telling me that they are going to
convert me from a static IP to a dynamic IP. So I've spent the evening
working on scripts (dhcpcd.exe) to properly handle this new environment
[updating my firewall settings, reconfiguring Postfix on the fly, etc.]
That is how I noticed that neither nslookup nor its new counterpart dig are
present.)

> > Also, now that I am thinking about it, there was some discussion that now
> > that everything will be symb. linked onto the CD that Devil-linux could
> > remove the requirement to "install" a lot of options (that they could simply
> > be there). I would point out that a strong security feature of Devil-Linux
> > is that there is NOTHING there that you don't ask for. I would hate to have
> > somebody be able to exploit a hole in IPTRAF (as an example) simply because
> > it was now automatically installed (and now available).
>
> Not having all the commands loaded is a false sense of security. You
> don't have to start any more services than you need, so you're just as
> safe from outside attack.
>
> If you get compromised, then someone has root access to your system
> (since root is the only user), and if root needs a command that's not
> loaded, all they have to do is untar the package from the CDROM. Or
> they can untar one of the FTP clients and transfer anything they want.

Agreed, but I have no problem making them work at it. After all, it may not
be obvious to somebody that there even -is- an FTP client that can be
untarred. If I was -truly- paranoid (what, who, me?), I would do a custom
compile of devil-linux so that the unneeded programs weren't even present.

> P.S. If you get a chance, I'd appreciate if people could run the new
> "setup" program on a recent DL beta CD and provide feedback to me.
> It is my first attempt to provide a menu driven program to do a basic
> DL setup, so hopefully people without Linux knowledge can use DL as
> their personal firewall. Please let me know what you think ...

I gave it a try, and not bad. A couple of comments:

o When running save-config, it produces an error that var/adm/<something>
  wasn't mounted...

o When running save-config, it produces a lot of messages complaining that
  the Uid had changed.

o When running through the dialogs, you may want to standardize (and change
  some) of the tags. For example, you use "OK" to mean select and not
  "finished with this page, go to next page". I think I saw a place where
  you used finished instead of back, etc. And instead of "back", maybe
  "main" or "prev"?

o When listing software, rather than using the internal names "nail" and
  "daemontools", a 15-20 character description would probably be better.

Dean Nedelman
TimeLord Consulting

(Maybe now would be a good time for me to subscribe to the mailing list... :-) )