Robert Connolly robert at
Fri Apr 9 20:58:56 PDT 2004

On April 10, 2004 01:24 am, Kendrick wrote:
> Robert Connolly wrote:
> >Updated again :)
> >
> just a question how will things from blfs be addressed? hints or
> somthing  ie how to properly secure a mailserver with av/spamassasn
> etc?  and/or the ideas behind what needs secureing on a mail server may
> also go with apache and the sql server.  I know there atleast was a bad
> bug in mod_ssl?  that allowed root duno if it affects v2 or any thing of
> that nature but  due to that bug being in 1.3? i mention it for that
> reason?  I was cerous since it is probably beyond the hlfs book will it
> be addressed some how or left totaly to the user to find.

There are plans to have a blfs section part of the hlfs book. Mail service 
could use its own subdirectory since it has so many ways of being used. I can 
think of a million ways of going nuts with securing services, and how they 
relate to eachother. Scenarios would need to be written I suppose. The blfs 
packages are just as important as the core, they're also the most likely 
sources of security holes. So we don't want to leave everyone to figure it 
out on their own. Do you have a suggestion for a server scenario? I think an 
ipnat serving apache and dhcpd would be a good start... but it would also 
need sshd, so maybe thats a better start. But before adding sshd I wanted to 
review the pam setup.. but I have some other stuff I wanted to review before 
that. There was also talk about modifying the boot scripts for iptables to 
come up before the interfaces do, and I'd like to add frandom/erandom to the 
make_dev script, which isn't ready yet. :\

As far as hints or patches go I suggest if anyone wants to add hlfs hints they 
should send them to lfs like normal, and we can add a link to it in the book.

More information about the hlfs-dev mailing list