SELinux and Security Updates Qusetions

Kendrick kendrick at linux2themax.com
Sun Aug 22 15:59:03 PDT 2004


http://www.linuxfromscratch.org/~robert/hlfs/downloads/cvs/

Justin Friel wrote:

> Hey Everyone,
>
> Recently I have been trying to build the current testing version of 
> LFS with SELinux support.  While I am not a newbie to LFS, this is the 
> first time I have drastically strayed from the book.  I came across 
> the HLFS project while googling the subject.
>
> While I have been (so far) successful, I have found it to be rather a 
> pain, as all of the patches are made for the current Fedora sources. 
> Also, instead of building the SELinux modules and packages in chapter 
> 5, I have been building them in chapter 6.  I have read the Wiki, HLFS 
> site and looked through the hints for a more efficient way to do this, 
> but come up short.  The website said there is no HLFS book yet, is 
> there a testing or unstable version yet?  If not, what hints should I 
> look at to build a more complete system from a security standpoint.  
> Does anyone from the HLFS project have patches for the sources used in 
> LFS, or should I continue to use the sources from nsa and add all of 
> the included Fedora patches (some of which disable features LFS uses, 
> like the shadow-utils package).
>
> The LFS machine I am building for right now is a firewall/router which 
> seems to be constantly fending off various attempts to break in 
> (surprisingly mostly from machines in Germany, just an aside) and I am 
> getting weary of rebuilding every few months.  My new plan is to 
> create a highly security-oriented image and keep running for at least 
> a year, maybe two.  If i were to do this is there a good place for LFS 
> users to  get info on new security vulnerabilities and patches?  I 
> found a couple of lists at http://www.insecure.org and was wondering 
> if this is a good place to start.
>
> Sorry for the windy post, thanks for the help.
>
> Justin





More information about the hlfs-dev mailing list