I'm still thinking about in/ex-clusions for my LFS build. I've only had to deal with my own systems, a somewhat restricted set of needs.
What are the circumstances under which one needs, or does not, the enhanced internal security of EAs, ACLs, etc. (short of SELinux), in an LFS system? I'm interested in your thoughts. Some are pretty obvious, e.g. internet "bastion" servers (Is there's any other kind?) and DMZ residents, multi-user/quasi-public hosts. Others? "Container servers" but not bare-metal virtual machine servers? (But, then, does one build those from LFS or "buy" commercial?) Not obvious: single user hosts (given that they're behind NAT routers and have strong internal firewalls, my case), check-pointed virtual systems (perhaps to be my case)? What are the characteristics of the systems one builds with LFS that establish the needs of what kind of internal security enhancements of what scope? How far do *you* take it, and why? -- Paul Rogers [email protected] Rogers' Second Law: "Everything you do communicates." (I do not personally endorse any additions after this line. TANSTAAFL :-) -- http://www.fastmail.com - IMAP accessible web-mail -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
