Hey Everyone,

I'm trying to be better about more incremental updates so here is a first whack. This new version of TrinityOS now supports Bind9 in addition to various errata, etc.

Also, if anyone is interested in doing final beta testing, I have a new single-interface NON-MASQ enabled IPCHAINS firewall ruleset. This ruleset is moving towards the multi-interface ruleset with split files, etc.

PS. Yes, I AM working on the IPTABLES firewall ruleset but I want to get the final IPCHAINS version out first.

PPS. 567 users.. please continue to push the word of TrinityOS. The more people use best practice security (best as I know of at least), the safer the net will be for all of us. That and more errata reports and feature requests means better versions of TrinityOS! :)

--David

I 03/07/01  Doh! Updated all the TrinityOS-security.tgz URLs to point to .tar.gz files.  (* Sent Update *)
            - Thanks to Mark Rushing for catching this

N           Moved all ChangeLOG updates older than 10/15/01 to the TrinityOS-old-updates.wri file

N           Moved all IPCHAINS rc.firewall errata older than 3.72 to the TrinityOS-old-updates.wri file

G           Updated the ISC Bind versions and URLs [Section 5]

I           Updated the IPCHAINS rc.firewall ruleset to 3.83d
            #   - Fixed a typo (stray #) where the RFC1918
            #     10.x.x.x network was NOT being filtered in
            #     the OUTPUT section
            [Section 10]

G           Updated the DNS section to include CHROOTed and Split Bind 9.1.0
            - Updated the intro text for Section 24 for clarity, cleaned up some formatting issues, removed pricing info for registering domain names (I've seen registrars offering from $14.95 to $45/yr).
            - Added additional methods on how to figure out what version of Bind is running
            - Updated the minimum secure version of Bind to 8.9.3
            - Removed ALL older BIND information to the TrinityOS-old-configs.txt files
            - Changed from explicitly moving named and named-xfer binaries into the CHROOTed jails to copying named*. The reason for this is that named-xfer no longer exists in Bind9 but there are two new files. This way is a little more generic.
            - One of the changes from Bind8 to Bind9 is that the TYPE record in the named.conf file must now be the FIRST line.
            - Changed the filename 192.168.0.db to be acme123-int.com.db since it really was a FORWARD zone file and not a reverse
            * Updated the TrinityOS-security script to reflect all of these changes as well as cleaned up the chapter numbers, etc.
            [Section 24]

----------------

I 02/18/01  Made another fix to the root-hints-update script
            # v2.4 - Updated the dig info lookup from ns.internic.net
            #        to a.root-servers.net
            [Section 24]

----------------

G 02/14/01  Made some fixes to the root-hints-update script for DNS:
            # v2.3 - Updated the initial CD into one of the real
            #        CHROOTed dirs vs. /var/named. The old script
            #        was also leaving a stray NEW file in the EXT
            #        directory. Because of all this, the email
            #        notification would show an old root.hints
            #        file though DNS would have the correct
            #        updated file.
            Thanks to Jehan Bing for this errata.

N           Moved over the root-hints-update script to the automatic extraction from HTML (no more manual file sync'ing)
            [Section 24]

----------------

David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]
For more detailed info, see http://www.ecst.csuchico.edu/~dranch
