... a lot of crap ;))
it seems that i wasn't exactly clear, when a system has been compromised, it has to be reinstalled completely. my intention is to set up a base system (an other system) just to run as a spare server (only for servers!!!). when a system gets compromised, we have to completely reinstall another server, which takes a lot of time. we don't want that... that's why i need a secure start for a new server, a base install from which we can install all our future servers
the standard we use here is debian, so i guess i'm stuck to debian (or maybe trusteddebian, which i'm looking into right now) (no bsd :() RSBAC provides everything SELinux has, and more ==> which is in adamantix
i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much)
remote logging (without a doubt)
noexec, nodev, nosuid, ... on parts that we don't need
lvm, raid1, ...
so i think i know what to do now ( also talked to some peaple over here...) i'm gonna start installing later today :)
thanks all... you are really the best! (i learn a lot on this list! :))
-- harry aka Rik Bobbaers ps. i'm a satisfied reader :))
K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 [EMAIL PROTECTED] -=- http://harry.ulyssis.org
"Work hard and do your best, it'll make it easier for the rest" -- Garfield
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
