Well, a very stripped down version of OpenBSD running off a CD and freenet's cache being on an encrypted disk with a one-time key (i.e. a new key is randomly generated at boot) would make setting up a freenet machine simple, safe, and difficult to update. :-p

mmmm, 9 years with one remote hole....

~Paul

On Thu, 05 Aug 2004 00:23:51 +0200, Zenon Panoussis <[EMAIL PROTECTED]> wrote:
>
> Toad wrote:
>
> >> You have taken extraordinary measures to protect against [the
> >> ftp server being hacked], haven't you?
>
> > Umm, measures such as..? I don't see how you can defend against the
> > above, really.
>
> Well, first of all the elementary stuff. No other services on the
> same machine. You don't want your ftp server compromised because
> of a flaw in mailman, or even sendmail, so put that stuff elsewhere.
> Heavy firewalling. IDS. No compiler installed; most hacks begin
> with a compilation. No unnecessary script interpreters; an ftp
> server can live very well (and much longer) without PHP, python,
> perl, java, whathaveyou. A super-lean kernel. A permanently up
> to date system.
>
> Then the more tedious stuff. Remote syslog. Remote md5sums of every
> file on the machine, regularly checked. A draconic password policy.
> Why not a read-only server running from a CD-ROM?
>
> And then comes the really difficult part, physical security. A
> gang of angry and hungry dobermans in the outer perimeter, cobras
> in the server room, tarantulas inside the server itself.
>
> As a side-dish, network security. If your DNS can be compromised,
> nobody needs to touch your ftp server before they can serve their
> own files from "your" machine. Arp. There is really no way to
> ensure that a visitor to your ftp server won't end up elsewhere,
> but an unpredictable control mechanism can let you know if that
> happens and mitigate the damage.
>
> > There is one thing though... I think the CVS announcement mails are
> > generated on the client side. They should be generated on the server
> > side. Anyone know how to do this?
>
> What do you mean by "CVS announcements"?
>
> Z
>
> --
> The future is like a baboon's arse, colourful and full of shit.
> Arne Anka
> _______________________________________________
> Support mailing list
> [EMAIL PROTECTED]
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:[EMAIL PROTECTED]
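
Added example, not part of the thread: a minimal sketch of the "remote md5sums of every file, regularly checked" idea from the quoted message. It uses SHA-256 in place of md5, and all function names and the sample tree are constructed for illustration. The baseline manifest is assumed to be stored on a separate monitoring host, never on the server being checked.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file's bytes; a symlink is recorded by its target, not followed."""
    if os.path.islink(path):
        return "symlink:" + os.readlink(path)
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each path (relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, dirs, names in os.walk(root):
        for name in dirs + names:  # dirs included so symlinked directories are recorded
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or os.path.isfile(path):
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                manifest[rel] = file_digest(path)
    return manifest

def compare(baseline, current):
    """Report what differs between the stored baseline and a fresh manifest."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: take a baseline, then make one change of each kind."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "pub"))
        for rel, data in (("pub/release.tar", b"v1"), ("pub/README", b"hi"), ("motd", b"welcome")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)  # assumption: kept on the monitoring host
        with open(os.path.join(root, "pub/release.tar"), "wb") as fh:
            fh.write(b"changed")                      # modified file
        os.remove(os.path.join(root, "motd"))         # removed file
        with open(os.path.join(root, "pub/extra.sh"), "wb") as fh:
            fh.write(b"new")                          # unexpected new file
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Hashes computed on the server itself are only as trustworthy as that server, which is why the message pairs this check with a read-only system and remote logging.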
