SELinux and Security Updates Qusetions
reply at the.list
Sun Aug 22 13:40:20 PDT 2004
Recently I have been trying to build the current testing version of LFS
with SELinux support. While I am not a newbie to LFS, this is the first
time I have drastically strayed from the book. I came across the HLFS
project while googling the subject.
While I have been (so far) successful, I have found it to be rather a
pain, as all of the patches are made for the current Fedora sources.
Also, instead of building the SELinux modules and packages in chapter 5,
I have been building them in chapter 6. I have read the Wiki, HLFS site
and looked through the hints for a more efficient way to do this, but
come up short. The website said there is no HLFS book yet, is there a
testing or unstable version yet? If not, what hints should I look at to
build a more complete system from a security standpoint. Does anyone
from the HLFS project have patches for the sources used in LFS, or
should I continue to use the sources from nsa and add all of the
included Fedora patches (some of which disable features LFS uses, like
the shadow-utils package).
The LFS machine I am building for right now is a firewall/router which
seems to be constantly fending off various attempts to break in
(surprisingly mostly from machines in Germany, just an aside) and I am
getting weary of rebuilding every few months. My new plan is to create
a highly security-oriented image and keep running for at least a year,
maybe two. If i were to do this is there a good place for LFS users to
get info on new security vulnerabilities and patches? I found a
couple of lists at http://www.insecure.org and was wondering if this is
a good place to start.
Sorry for the windy post, thanks for the help.
More information about the hlfs-dev