-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you want to P a guy off ...
HLFS is pretty much intended for a different audience than LFS. Not many people can handle the needs of a hardened system. So it is understood that we must fill in many of the gaps to make our systems work properly. Unfortunately the lfs/blfs boot scripts are not even in the ballpark for many things related to our server type system. Let's think professional. 1. NTP will hang your system terminally on boot without a working Ethernet connection. Config is not the issue. The ethernet connection may eventually come alive, but you remain hung in init. 2. A suppposed ext3 disk error will hang the system terminally on a reboot. (I automate reboots with cron to control possible memory leaks) I get hung when the system is actually clean. The script is not handling the return value properly, and aside from total disaster, ext3 can take care of itself very well anyway, from my experience. Why halt the boot? 3. several of the boot scripts fail to report progress correctly due to missing .pid or some other reason. They say things are started or stopped when ps shows otherwise. MySQL is a lost leader. The apache script validates all virtual hosts on shutdown. Ridiculous. I had to re-write all mine so my system is not the issue here. It is the distributed boot scripts. Security hardening is great but reliability is a very big necessity. A minimal software watchdog needs to be incorporated as a standard component in hlfs - it is in the kernel. If the boot sequence hangs it needs to automatically re-run in (n) min. That should be fairly easy, and would allow for some anomalies at least. For a hardened server, things like tripwire are great if you never sleep. I have long used OSSec to provide more viable real time monitoring and with small exception it is a great tool. I recommend this be something brought into hlfs, as it works pretty well. The developer is also very communicative and addresses problems quickly. I am putting Roberts latest dev work online tonight. I moved up to 2.6.23 as it has a grsec patch. I expect no problems as it played so well in testing. Faster too. I feel it's time to look at donating a bit more to the cause; how about the rest of you join in with me? Marty B - -- Putting Microsoft in a computer is like putting screen doors in a submarine. Hopeless. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFHMmzfodd/GHZYnVQRArntAJ4xVhGb7OMeP+2BkCGt+rSd6S1w4wCdGPKo ZROyi5VaFrc1hk9B9b+4Os0= =1cMf -----END PGP SIGNATURE----- -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
