
Re: wish list



Emanuele <ntf@dislessici.org> writes:

> Hi all!
>  Some interesting features that I think are important:
> 
> 
> - Compile distro with stackguard

 The problem with this is that some exploits could just turn into DoS
attacks. It'd be better IMO if this wasn't _needed_, i.e. the source was
audited ... but could be chosen if you were really paranoid (and had
cycles to waste).

> - Use tripwire by default

 This isn't easy to do: to run tripwire (or similar products) you need 
to do major work (pretty much minimum of read only media -- and better 
if you have the readonly media on a second box which only does
outgoing connections to your "secure" box to generate the new
hashes).

> - Install tcp|udp|icmp log
> - Script to configure tcpd/wrapper during the installation

 Personally I'd prefer no software that needed inetd and hence tcp
wrappers -- yes I know you can use it in external programs but most
(all?) also provide their own mechanisms.

> - Nmap, nessus and other audit tools
> - Ssh (of course :-)
> - SSLftp, SSLeay
> - Nidsbench (an intrusion detection tool)
> - Smail or qmail 
> - Route kernel patch? (there are for kernel v2.2?)
> - Tool/script to help configure ipchains
> - Tcpdump/sniffit
> - Passwd cracker (jripper is good)

 I'd also prefer a non "normal" auth mechanism, so this goes out
... 2048 bit gpg with the private keys only accessible by root ?

-- 
James Antill -- james@and.org
If you go to the Third World and find 100 people who have never tasted ketchup
before, you find out two things: one is that people don't actually like tomato
ketchup, the other is that they dislike all ketchups equally. -- Rob Young.
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/