fredagen den 6 juni 2003 21.27 skrev Vincent Danen: > On Fri Jun 06, 2003 at 09:03:15PM +0200, Oden Eriksson wrote: > > > Absolutely. But this is so inconsequential either way, it doesn't > > > really matter to me. I indicated my own personal preference. I've > > > already stated that this hack will not go into updates because changing > > > a config arbitrarily is not a good thing. But cooker? I don't see a > > > problem with it (again, personal opinion). I also don't really see the > > > need for it because, as I indicated before, only stupid people would > > > write a script to expose that information to the world. A good > > > sysadmin would not do this. > > > > And..., I'm just the messenger..., full of ideas. > > > > It could be a idea to fix this, and similar things, but then again maybe > > not. > > > > I'm thinking more like the next release, possible ways to claim a more > > "secure" os. It's just a way of thinking..., maybe we could do this and > > get away with it, or maybe not. The usability will have to remain, but > > certain things would have to change, like access to certain functions. > > > > Well..., never mind... > > Maybe something along the lines of bastille or harden_suse, specifically > tailored to Mandrake, would be in order. Some subset of msec that you run > once and it goes through some configs and makes changes (and reports what > changes it makes). But a one-time thing so that if you change something > back, it doesn't come along the next day and "fix" it for you.
I haven't tried suse, but this could be it. I think this is what I meant, or wanted in the first place..., too bad I suck putting what I mean into words. But I belive I mentioned msec, or maybe that's not it? Maybe I really had the bastille stuff in mind after all. I wonder if we could use parts of suse and/or bastille for this? I know it would require resources from mandrake to fix this, but... I won't fix this myself, not singlehandedly anyhow, no way. There are more enlightened people than me who should author this. As usual..., just a couple of ideas. For example if you install the "kernel-secure" stuff you should not be surprised if mod_index is not there. You should cope with no "phpinfo()" like functions, etc. Well..., this is what I meant and had in mind. -- Regards // Oden Eriksson, Deserve-IT.com
