[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] a secure base system

harry wrote:
... a lot of crap ;)) 

it seems that i wasn't exactly clear, when a system has been
compromised, it has to be reinstalled completely. my intention is to set
up a base system (an other system) just to run as a spare server (only
for servers!!!). when a system gets compromised, we have to completely
reinstall another server, which takes a lot of time. we don't want
that... that's why i need a secure start for a new server, a base
install from which we can install all our future servers

the standard we use here is debian, so i guess i'm stuck to debian (or
maybe trusteddebian, which i'm looking into right now) (no bsd :()
RSBAC provides everything SELinux has, and more ==> which is in adamantix

i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much)

remote logging (without a doubt)

noexec, nodev, nosuid, ... on parts that we don't need

lvm, raid1, ...

so i think i know what to do now ( also talked to some peaple over
here...) i'm gonna start installing later today :)

thanks all... you are really the best! (i learn a lot on this list! :))

--
harry
aka Rik Bobbaers
ps. i'm a satisfied reader :))

K.U.Leuven - LUDIT             -=- Tel: +32 485 52 71 50
Rik.Bobbaers@xxxxxxxxxxxxxxxxx -=- http://harry.ulyssis.org

"Work hard and do your best, it'll make it easier for the rest"
-- Garfield

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html