| 1 |
The way I plan to do it (as I'm in the middle of this process myself) is |
| 2 |
to install everything first, and then run the RSBAC learning mode |
| 3 |
supplied with gradm, then tweak the profile it creates. |
| 4 |
|
| 5 |
Thanks, |
| 6 |
Brian |
| 7 |
|
| 8 |
Mathieu CASTEL wrote: |
| 9 |
> So I think I ll go for the RSBAC security, but I have a question....is |
| 10 |
> it better to first install and configure all the services on the |
| 11 |
> server and then add the rsbac or install a basic system and do the |
| 12 |
> instal of RSBAC, and then the other services? |
| 13 |
> |
| 14 |
> |
| 15 |
> |
| 16 |
> ----- Message d'origine ---- |
| 17 |
> De : Francesco Riosa <BastianBalthazarBux@×××××××××.it> |
| 18 |
> À : gentoo-hardened@l.g.o |
| 19 |
> Envoyé le : Mercredi, 15 Novembre 2006, 17h53mn 19s |
| 20 |
> Objet : Re: [gentoo-hardened] Which hardened (SUB)project |
| 21 |
> |
| 22 |
> Steev Klimaszewski wrote: |
| 23 |
> > Francesco Riosa wrote: |
| 24 |
> >> Brian Davis wrote: |
| 25 |
> >>> |
| 26 |
> >>> Francesco Riosa wrote: |
| 27 |
> >>>> Brian Davis wrote: |
| 28 |
> >>>> |
| 29 |
> >>>>> The only comment I'll make is that Reiserfs doesn't support SELinux. |
| 30 |
> >>>>> |
| 31 |
> >>>> That it's "non issue" for a new server, reiser3 is getting obsolete, |
| 32 |
> >>>> it's advantages are not enough to try the risk, |
| 33 |
> >>> Why do you say that? |
| 34 |
> >> - upstream has serious real life troubles |
| 35 |
> >> - SuSE is not anymore so interested in reiser3 |
| 36 |
> >> - a continuously changing linux kernel may lock a reiser user to an old |
| 37 |
> >> version (pain for a security oriented system) |
| 38 |
> >> - ext3 evolving and becoming ext4 in a reasonable mount of time |
| 39 |
> >> - major advantages only with _many_ files in one single directory |
| 40 |
> >> |
| 41 |
> >> don't get me wrong I liked and still like reiserfs but it's time is |
| 42 |
> gone |
| 43 |
> >> |
| 44 |
> > |
| 45 |
> > I've been lurking on this list for a while, running a couple of |
| 46 |
> > hardened servers, and the Gentoo guidelines for servers suggest reiser |
| 47 |
> > as the fs. I guess my couple of questions are, |
| 48 |
> > |
| 49 |
> > 1) What does what SUSE's interest in reiser have to do with anything? |
| 50 |
> > (Serious question here, not an attempt at a troll, I really am curious |
| 51 |
> > as I don't follow along very closely) |
| 52 |
> And it's a good question, reiserfs is opensource and so the interest of |
| 53 |
> only a subject (SuSE) is moot, but my feelings are the the community is |
| 54 |
> not any more interested in support reiser3 very much (obviously speaking |
| 55 |
> of feelings this opinion is moot too ). |
| 56 |
> Peter Volkov has already pointed out why and when SuSE decided to choose |
| 57 |
> other roads (may worth read it). |
| 58 |
> > |
| 59 |
> > 2) Is there anything other than backing up a partition, and mkfs'ing |
| 60 |
> > to a different format? I.E. some type of conversion utility for |
| 61 |
> > reiserfs->other format? |
| 62 |
> No, but backup and restore is not something that someone want to |
| 63 |
> schedule expecially with a great amount of data |
| 64 |
> , it may take hours (days) and the fact that you must consider it |
| 65 |
> choosing reiserfs3 now is still a detractive point. |
| 66 |
> |
| 67 |
> |
| 68 |
> People, this look like no more an "gentoo-hardened" issue, wont to end |
| 69 |
> the discussion (if needed) via private mail? |
| 70 |
> if you chose that, please write to "francesco"at"pnpitalia".it it's more |
| 71 |
> likely to get an answer. |
| 72 |
> sorry for the spam |
| 73 |
> |
| 74 |
> -- |
| 75 |
> gentoo-hardened@g.o mailing list |
| 76 |
> |
| 77 |
> |
| 78 |
> |
| 79 |
> ------------------------------------------------------------------------ |
| 80 |
> Découvrez une nouvelle façon d'obtenir des réponses à toutes vos |
| 81 |
> questions ! Profitez des connaissances, des opinions et des |
| 82 |
> expériences des internautes sur Yahoo! Questions/Réponses |
| 83 |
> <http://fr.rd.yahoo.com/evt=42054/*http://fr.answers.yahoo.com>. |
| 84 |
-- |
| 85 |
gentoo-hardened@g.o mailing list |
Archives