SELinux and Security Updates Qusetions
kendrick at linux2themax.com
Sun Aug 22 15:59:03 PDT 2004
Justin Friel wrote:
> Hey Everyone,
> Recently I have been trying to build the current testing version of
> LFS with SELinux support. While I am not a newbie to LFS, this is the
> first time I have drastically strayed from the book. I came across
> the HLFS project while googling the subject.
> While I have been (so far) successful, I have found it to be rather a
> pain, as all of the patches are made for the current Fedora sources.
> Also, instead of building the SELinux modules and packages in chapter
> 5, I have been building them in chapter 6. I have read the Wiki, HLFS
> site and looked through the hints for a more efficient way to do this,
> but come up short. The website said there is no HLFS book yet, is
> there a testing or unstable version yet? If not, what hints should I
> look at to build a more complete system from a security standpoint.
> Does anyone from the HLFS project have patches for the sources used in
> LFS, or should I continue to use the sources from nsa and add all of
> the included Fedora patches (some of which disable features LFS uses,
> like the shadow-utils package).
> The LFS machine I am building for right now is a firewall/router which
> seems to be constantly fending off various attempts to break in
> (surprisingly mostly from machines in Germany, just an aside) and I am
> getting weary of rebuilding every few months. My new plan is to
> create a highly security-oriented image and keep running for at least
> a year, maybe two. If i were to do this is there a good place for LFS
> users to get info on new security vulnerabilities and patches? I
> found a couple of lists at http://www.insecure.org and was wondering
> if this is a good place to start.
> Sorry for the windy post, thanks for the help.
More information about the hlfs-dev