OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Russell \ (elikunixhost2.thewebhostingpeople.com)
Date: Wed Feb 14 2001 - 13:23:00 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

            Sure thing. Hmmm...Medusa DS9? Hmmmm...first time I heard of it. Can you
    send me the details about it?

            But as for the rest, I can send the patches for the kernel, which is
    composed to two files plus one line addition into the .spec file and the rpm
    package of the LIDS addon utility and the files to work with the Mandrake
    System in general but I probably need to put in some reference lines for
    other stuff that is common with Mandrake.

            You will be pleased that I have sort of finalized the entire system and it
    seems to be working great. Sort of make you consider the new way of
    thinking of how to secure the system when you get into root, you realize
    that you cannot do most of the stuff that normal super-user can do, unless
    you turn off the LIDS Local Mode to do the changes.

            Expect the stuff sent to you in a few hours.

            The current configuration I have is composed as follows:

    Qmail
    ProFTPD
    OpenSSH
    OpenLDAP
    Apache
    Ping & Traceroute disabled, even for users, but available when local LIDS is
    disabled.

            So...this is pretty good setup. I am still adding more rules and such as I
    go on, but it is really nice system.

    ----------------------------------------------
    Linux Administrator & Consultant
    Russell "Elik" Rademacher

    -----Original Message-----
    From: jaymandrakesoft.mandrakesoft.com
    [mailto:jaymandrakesoft.mandrakesoft.com]On Behalf Of Jay Beale
    Sent: Wednesday, February 14, 2001 1:36 PM
    To: security-discusslinux-mandrake.com
    Cc: Matthew Micene
    Subject: Re: [Security Discuss] LIDS into the Kernal?

    In the wise words of Russell Elik Rademacher:

    > Yes I have. It is still in work in progress, but I got most of the basic
    > functionality locked down, and I am working on some common tools which
    need
    > to be available to everyone like the traceroute or ping tools plus
    nslookup.
    > :)

    It sounds like you've got something good going. Let's take a look. I'll
    admit
    that I'm weighing Medusa DS9 more than LIDS, and SeLinux more than that.
    But
    let's look at your configuration.

    Can you get something to Chmoel, Vince and me?

     - Jay 

    --
Jay Beale
Security Team Director                  Lead Developer
Mandrakesoft                            Bastille Linux
http://www.mandrakesoft.com             http://www.bastille-linux.org