Gentoo Archives: gentoo-security

From: Kurt Lieber <klieber@g.o>
To: David Olsen <do@×××××××.com>
Cc: gentoo-security@g.o
Subject: Re: [gentoo-security] Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 11:39:28
In Reply to: Re: [gentoo-security] Changes to traceroute in newest release by David Olsen
1 On Tue, Dec 16, 2003 at 12:29:02PM -0500 or thereabouts, David Olsen wrote:
2 > A (imho) better solution would be to perhaps do a 4750 by default, and give
3 > it to a specific group, say "staff" or the like, this way I can add my staff
4 > to that particular group once, and not have to muck permissions everytime a
5 > new release of traceroute comes out.
7 Fair enough -- that is another way of looking at it. One of my favorite
8 newgroup signatures I've seen is "There are two rules to UNIX
9 administration. Rule 1: There is always more than one way to do the same
10 thing. Rule 2: Someone thinks that your way is wrong." :)
12 This is semi-overkill for this specific problem, but one tool for general
13 system administration that we use with *extremely* good results is
14 cfengine. ( It allows me to say, "I don't care
15 what anyone else says, I always want the permissions of /bin/foo to be 0600
16 and owned by someuser:somegroup" It runs periodically and checks to make
17 sure things are as you want them to be. (It does a lot of other nifty
18 things, btw -- it's a very powerful, useful tool)
20 As I said, overkill for this specific solution, but an excellent solution
21 for ensuring that your systems, as a whole, are kept in a "known good"
22 state, according to your wants and needs, rather than those of the package
23 maintainer. And, anyone who knows me knows that I rarely pass up an
24 opportunity to promote cfengine. :)
26 --kurt


Subject Author
Re: [gentoo-security] Changes to traceroute in newest release Lance Albertson <ramereth@g.o>