Re: [fw-wiz] Securing a Linux Firewall

From: Carson Gaspar (carson@taltos.org)
Date: 07/23/02

• Next message: Joseph S D Yao: "Re: [fw-wiz] Code reviews [Was: FWTK and smap/smapd]"
• Previous message: Joseph S D Yao: "Re: [fw-wiz] Code reviews [Was: FWTK and smap/smapd]"
• In reply to: Frederick M Avolio: "Re: [fw-wiz] Securing a Linux Firewall"
• Next in thread: Paul Robertson: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Paul Robertson: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Mordechai T. Abzug: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Brian Hatch: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Frederick M Avolio: "Re: [fw-wiz] Securing a Linux Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Carson Gaspar <carson@taltos.org>
To: firewall-wizards@honor.icsalabs.com
Date: Tue Jul 23 15:57:02 2002

--On Tuesday, July 23, 2002 12:07 PM -0400 Frederick M Avolio
<fred@avolio.com> wrote:

> Turn off everything you are certain you don't require.
> Actually remove the executables, also. (remove the rpm).

OK - as someone who seems to represent the "remove the executables" camp,
can you explain your reasoning? I've never been able to understand _why_
removing files buys you anything?

(See my previous post for my strategy - castrate all priveleged binaries,
turn off all services, and turn logging to high)

-- 
Carson

---

• Next message: Joseph S D Yao: "Re: [fw-wiz] Code reviews [Was: FWTK and smap/smapd]"
• Previous message: Joseph S D Yao: "Re: [fw-wiz] Code reviews [Was: FWTK and smap/smapd]"
• In reply to: Frederick M Avolio: "Re: [fw-wiz] Securing a Linux Firewall"
• Next in thread: Paul Robertson: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Paul Robertson: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Mordechai T. Abzug: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Brian Hatch: "Re: [fw-wiz] Securing a Linux Firewall"
• Reply: Frederick M Avolio: "Re: [fw-wiz] Securing a Linux Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: fwbuilder (Was Graphic firewall) ... The executable is fwbuilder. ... executables will be in /usr/local/bin ... So try to fond in /usr/bin for RPM install. ... > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe ... (RedHat) [opensuse] Re: Interactive Firewall Needed ... All files, executables or not. ... Have a look at man rpm, ... Oh, cool, so if I install wings3d by downloading the .run.gz, gunzip it ... rpm database, which obviously only includes files installed from an rpm. ... (SuSE) [opensuse] Re: Interactive Firewall Needed ... Perhaps, I don't know if the rpm database uses md5sum or not, ... All files, executables or not. ... Oh, cool, so if I install wings3d by downloading the .run.gz, gunzip it ... (SuSE) Install an RPM from within the %post section ... I have an application that I'm building that, along with the executables and ... has some rpm's within the package. ... execute an rpm -i which gives me a "waiting for transaction lock" message. ... I though that, starting in rpm 4.1, the ability to install an rpm from ... (comp.os.linux.misc)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2002-07