On Tue, 2006-09-19 at 18:28 +0300, Nadav Har'El wrote:
> a
> general Debian or Fedora system (with automatic updates, firewall, and
> other things required to keep that secure) is a more sensible choice than
> a home-grown everything-must-be-chrooted system.

This is an argument in favor of monocultural system configuration.
To be secure Hamakor's server should have sufficiently unorthodox
configurations that if someone breaks into the system, it will be
difficult for him to find his way in the system.

If this means chrooting, then I am in favor of chrooting.
If Debian or Fedora do not support this style of working, then it may be
a good idea for the person maintaining the system to develop
improvements to the packaging systems and offer them as patches.

I too want to differentiate my stock Debian Sarge installation and make
it difficult for viruses, worms and Trojan horses find their way around
my system.
                                   --- Omer
-- 
In civilized societies, captions are as important in movies as
soundtracks, professional photography and expert editing.
My own blog is at http://tddpirate.livejournal.com/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

לענות