Secured vs. Security Distros and Wish Lists

[Justin Hahn <jehahn@raven.bu.edu>]

[snip a lot of details]

> But would I want those tools included in a Linux distribution that
> marketed itself as being secure?  No.  Would I want them I a Linux
> distribution that marketed itself as being good for probing other boxes
> and testing for vulnerabilities, by all means. 

I'm not sure I see the big deal here. I recently had a machine
compromised (it seems sun's ufsrestore patch doesn't close the holes
it is supposed to...) and I had some script kiddies running around one
of my boxen. They *BROUGHT* nmap with them (along with some other fun
toys). Once you have a shell running, with a network connection, you
can find a way to bring anything in you want.

This isn't to say I advocate installing scanners on your
firewalls. That's not a good idea. But I don't see the big deal of
having being a package in a distribution. I wouldn't make it something
that comes default installed, but I'd certainly make it something you
could get if you wanted it. If that's stupid, I'm not seeing it. 

-----------------------------------------------
  Justin Hahn    	<jehahn@raven.bu.edu>
Systems Administrator Boston University SPI Lab
-----------------------------------------------

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/