SELinux and Security Updates Qusetions

Justin Friel reply at the.list
Sun Aug 22 13:40:20 PDT 2004


Hey Everyone,

Recently I have been trying to build the current testing version of LFS 
with SELinux support.  While I am not a newbie to LFS, this is the first 
time I have drastically strayed from the book.  I came across the HLFS 
project while googling the subject.

While I have been (so far) successful, I have found it to be rather a 
pain, as all of the patches are made for the current Fedora sources. 
Also, instead of building the SELinux modules and packages in chapter 5, 
I have been building them in chapter 6.  I have read the Wiki, HLFS site 
and looked through the hints for a more efficient way to do this, but 
come up short.  The website said there is no HLFS book yet, is there a 
testing or unstable version yet?  If not, what hints should I look at to 
build a more complete system from a security standpoint.  Does anyone 
from the HLFS project have patches for the sources used in LFS, or 
should I continue to use the sources from nsa and add all of the 
included Fedora patches (some of which disable features LFS uses, like 
the shadow-utils package).

The LFS machine I am building for right now is a firewall/router which 
seems to be constantly fending off various attempts to break in 
(surprisingly mostly from machines in Germany, just an aside) and I am 
getting weary of rebuilding every few months.  My new plan is to create 
a highly security-oriented image and keep running for at least a year, 
maybe two.  If i were to do this is there a good place for LFS users to 
  get info on new security vulnerabilities and patches?  I found a 
couple of lists at http://www.insecure.org and was wondering if this is 
a good place to start.

Sorry for the windy post, thanks for the help.

Justin



More information about the hlfs-dev mailing list