On Mon, 12 Mar 2001, Jack Coates wrote:

> Background, for those who haven't downloaded it yet:

Didn't know it was that far along. Will see about taking a peek.

<Snip!>
 
>       b) "the minimum" of system configuration files. In my dreams,
>       that's two files: linuxrc and ladybug.conf.
>       c) any package related configuration is going to go here, so the
>       disk needs to have as much spare room as possible.

<Snip!>

>       b) a CD-ROM with all the support goodies and server packages
>       needs to be available, or else you're looking at 30 floppies :-)

<Snip!>

> 3) Security should be as good as possible.
>       a) only serial and ssh access are supported.
>       b) out of the box bastion - it comes up safe.
>       c) only local media supported for package load.
>       d) packages updated and kernel patched.

<Snip!> 

> 1-b) This is somewhat hard to do, given the progression from Debian
> through a few versions of LRP to Oxygen. However, the work is 90% done
> in the files that are up on my page. My question is, am I violating The
> Unix Way(TM) by going this direction? Would tons of little config files
> tied together with lrcfg menu be better?

Regardless of the Unix Way, which I can definitively say I am NOT an
expert on, I'd say having EVERYTHING in a ladybug.conf file is a bad way
to go about it. Your IPChains rules - I know, it's not a firewall and a
router, but you still want chains to lock down the box totally, and it
works as an example - shouldn't be in the same file as you're specifying
your network settings and kernel modules. If I'm misinterpreting, let me
know.
 
> 2-b) If I'm assuming a CD-ROM and a box with lots of RAM, why not get
> away from the glibc issue and use a newer Linux as my base? Pros and
> cons?

Pro: REALLY easy development, probably more secure, definitely more
obtainable.

Cons: May conflict with 1c. In fact, it probably will conflict. It's
possible that the stripped versions of 2.1.x are workable, since they
aren't THAT much larger. But with root.lrp needing to be on the boot image
- in my case, a floppy - that might get a little hefty. I know that my
1.68M router image, with packages removed, has gobs and gobs of space,
once you pull the packages, and that's using 2.2.18-kernel LRP 2.9.8.
 
> 3-d) Easier said than done.

Kernel's easier done than said - at least, I think so - but the packages,
well... I will say that this is another place where going to 2.1.x glibc
will help.
 
--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

"We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare?" -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
