Heiko Zuerker heiko at
Mon Jan 17 09:33:28 PST 2005

> Where does beyond-hlfs stuff belong? The most convenient place for me is
> adding a chapter08,09,10. The first packages I have in mind are iptables
> with
> the grsecurity patch, tripwire, grsec-admin (acls), and openssl.

I would not add the iptables patch from grsecurity.
"Stealthness" can easily be achieved with good firewall rules and should
not happen 'automatically'.

> Iptables, tripwire, and acl, chains/polices would be added to every
> package
> after. Even though these three are in different categories they would have
> to
> get installed before any other optional packages.
> So maybe call this category (chapter08) "Policy enforcement and intrusion
> detection"? This could also include a cron daemon and /etc/weekly scripts.
> Then chapter09 would be something like "Network services"?
> Anyone have another idea?

Take a look at our CVS repository (the 'build' module), so you don't have
to invent the wheel twice:

  Heiko Zuerker

More information about the hlfs-dev mailing list