heiko at zuerker.org
Mon Jan 17 09:33:28 PST 2005
> Where does beyond-hlfs stuff belong? The most convenient place for me is
> adding a chapter08,09,10. The first packages I have in mind are iptables
> the grsecurity patch, tripwire, grsec-admin (acls), and openssl.
I would not add the iptables patch from grsecurity.
"Stealthness" can easily be achieved with good firewall rules and should
not happen 'automatically'.
> Iptables, tripwire, and acl, chains/polices would be added to every
> after. Even though these three are in different categories they would have
> get installed before any other optional packages.
> So maybe call this category (chapter08) "Policy enforcement and intrusion
> detection"? This could also include a cron daemon and /etc/weekly scripts.
> Then chapter09 would be something like "Network services"?
> Anyone have another idea?
Take a look at our CVS repository (the 'build' module), so you don't have
to invent the wheel twice:
More information about the hlfs-dev