Great Circle Associates Firewalls
(November 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: strip-down filelist
From: Ed Forbes <ejf @ bbnplanet . com>
Date: Tue, 11 Nov 1997 08:54:42 -0500 (EST)
To: Marc Heuse <Marc . Heuse @ mail . deuba . com>
Cc: linux-security @ redhat . com, firewalls @ greatcircle . com
In-reply-to: <199711111020 . LAA20341 @ localhost . deuba . com> from "Marc Heuse" at Nov 11, 97 11:20:16 am 
Hi Marc,
 
> When installing a Linux system for a proxy/firwall/gateway/router/victim
> purpose you have to strip it down to make the security on the host as tight
> as possible. Removing compilers, suid/sgid files, mounting readonly etc. etc.
> In other words, stuff that you do again and again.
> 
> One approach is to delete everything you know you don't need.
> 
> The other and better approach is just to make a list of all files you really
> need and removing all the rest.
 
Maybe I missed a subtle point, but what exactly is the difference between
these two approaches.  The first approach is to delete everything you
don't need and the second approach is to make a list and then delete
everything you don't need.  The only difference seems to be the list
itself which would seem to be implied in approach number 1 (hence how
would you know what you don't need).

Thanks,
Ed
References:
Indexed By Date Previous: Re: support for NetMeeting
From: "Greg Collins" <gcollins @ dqisystems . com>
Next: Re: strip-down filelist
From: Marc Heuse <Marc . Heuse @ mail . DeuBa . COM>
Indexed By Thread Previous: strip-down filelist
From: Marc Heuse <Marc . Heuse @ mail . DeuBa . COM>
Next: Re: strip-down filelist
From: Marc Heuse <Marc . Heuse @ mail . DeuBa . COM>
Google
 
Search Internet Search www.greatcircle.com