Gentoo Archives: gentoo-user

From: reader@×××××××.com
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: Any glaring use flags here
Date: Wed, 26 Dec 2007 16:14:56
Message-Id: 87odcdphno.fsf@newsguy.com
In Reply to: Re: [gentoo-user] Any glaring use flags here by Neil Bothwick

Neil Bothwick <neil@××××××××××.uk> writes:

> On Tue, 25 Dec 2007 22:53:10 -0600, reader@×××××××.com wrote:
>
>> This machine is been prepped to be a sort of DMZ machine, but not
>> more wannabe than really since it will not route stuff to my home lan
>> at all... just be the recipient of all blocked stuff at an upsteam
>> NETGEAR firewall/router.
>>
>> I would like an opinion about the USE flags I keep in /etc/make.conf
>>
>> USE="mysql emacs mbox hal acpi logrotate vga nptl nptlonly \
>> -ipv6 -imap -maildir -gnome -X -kde"
>

[...]

----- Notes ----- Notes -----

First let me reiterate what this OS is supposed to do. My original
post was so riddled with typos and bad grammar, I'm amazed you
understood enough of it to make a sensible reply.

Briefly: This machine's purpose is to receive the output of a DMZ
switch at a NETGEAR router upstream. It will not be routing anything
to the local lan and has only 1 nic. I just want a pipeline of all the
baloney my firewall is dropping for my own investigation.

The netgear router/firewall's own logging capabilities produce a big
awkward, poorly formatted log. Getting it mailed and processed is a
pain, and having it log directly to a lan machine's syslog seems to
truncate the data to the point it's nearly useless. The configuration
procedure is also way awkward compared to hand editing an iptables
script.

I plan to install an iptables firewall that drops incoming portscans,
sweeps, untoward connection attempts etc. etc., logs the info, and study
the logs with tcpdump etc.

---- End Notes ----- End Notes -----

Neil wrote:
> It depends on the profile you use, since that affects the defaults
> for flags not set/unset in /etc. Which profile are you using, hopefully a
> server one, and what does "emerge --info show". The output from emerge


Gack.... I've never given a moment's thought to which profile I used.
It appears to be pointing at the default one.

/etc/make.profile -> ../usr/portage/profiles/default-linux/x86/2006.1

emerge --info shows a hefty list of USE flags. Good lord. I had
no idea all those were being used during emerges.

I think I better do some reading before proceeding with this.

I'm thinking, switching to the `hardened' profile is probably what I
should be doing.

How does one go about changing the profile? Is it as simple as just
changing the symlink?

googling on `site:gentoo.org profile'

I find a little guide showing how to change from 2004.0 to 2006.X. It
talks about a different setup being deployed post 2004.0. So I'm wondering
if there are more or different steps involved now?

The full output of that search even when adding `-forums' is too much
to swim thru without a little more paring down.

--
gentoo-user@g.o mailing list

Replies

Subject Author
Re: [gentoo-user] Re: Any glaring use flags here Neil Bothwick <neil@××××××××××.uk>