> When installing a Linux system for a proxy/firwall/gateway/router/victim
> purpose you have to strip it down to make the security on the host as tight
> as possible. Removing compilers, suid/sgid files, mounting readonly etc. etc.
> In other words, stuff that you do again and again.
> One approach is to delete everything you know you don't need.
> The other and better approach is just to make a list of all files you really
> need and removing all the rest.
Maybe I missed a subtle point, but what exactly is the difference between
these two approaches. The first approach is to delete everything you
don't need and the second approach is to make a list and then delete
everything you don't need. The only difference seems to be the list
itself which would seem to be implied in approach number 1 (hence how
would you know what you don't need).