Hardened Lunar Linux
Kok, Auke
sofar at foo-projects.org
Fri Mar 9 20:48:18 CET 2007
Dennis Veatch wrote:
> On Friday 09 March 2007 02:19:43 pm Jean Michel Bruenn wrote:
>> heh. forgotten to answer on something:
>>> 1) security reasons (better control of system by having knowledge and
>>> tools to gather status of modules installed (hardened/not hardened). In
>>> security enhanced system non-hardened modules are not welcome and
>>> probably sysadmin will would like to scan installed modules list for the
>>> items not meeting this requirement (to find possible weaknesses/holes).
>>> Maybe download via https or secure ftp from secured server over encrypted
>>> connection would be another argument for separate moonbase-hd file.
>> Another thing (PERHAPS) could be, that we don't want every module in an
>> hardened moonbase. For example: Normal Moonbase is user friendly. Mostly
>> used for Desktop environments. A Hardened Moonbase wouldn't be as user
>> friendly as it now is. And it would be for ppl who wants a secured system.
>> The Question is, is it possible to say a secured system is a server-system?
>> If yes - we wouldn't need xmms or audacity or ... you know what i mean.
>> some modules or packages are useless on a server-system. The Question is
>> should it be a moonbase with every module from the original moonbase, or
>> simply a moonbase for server users.
>>
>> cheers, jean
>
> 2 Cent quip;
>
> Do you really need a separate moonbase? Why not follow the same method sofar
> used for x86_64 modules? Example;
>
> BUILD.x86_64
>
> And make them BUILD.hard (or whatever you want to call it.)
that is a possiblity, but for now I would use modules with the same name and put
them into zlocal, and set ZLOCAL_OVERRIDES to on.
this way you can have a zlocal/hardened folder and group them neatly, and
provide a single tarball for people to drop in there.
lunar already made that extremely easy, so you should exploit it and get to the
real work: make hardened modules where it is needed.
Auke
More information about the Lunar-dev
mailing list