testing the system

WarrenHead warrenhead at gmail.com
Tue Jan 30 13:42:16 PST 2007


Hi there,

I once built a working HLFS system, about a year ago, and since I am 
into software testing I am generally interested in security as well.
I've noticed that the current book has not been buildable for a few months 
now, so I don't know whether this project is slowly becoming abandoned 
or whatever, but I would still like to pose my question.

How do you propose testing the validity (read: actual security) of a 
system like HLFS?
I built one myself, but how can I verify that I did it right? It seemed 
to work fine (before I burned it to a disk and wiped the drive for 
another project), but working does not equal secure.
Of course, secure today does not mean secure tomorrow, but in general I 
would feel a lot better if I could show actual test results, which prove 
that my homemade HLFS system beats an Ubuntu, Fedora, or whatnot 'general' 
system.
I'm sure that a hardened system like HLFS is not for the average Joe, so 
I am expecting various HLFS builders (i.e. you) to use this system for 
something useful like a server. And perhaps you builders have actually 
written various test scripts to try and verify you've gotten the security 
that you were looking for.

Since I am not a programmer, or a security expert, I have trouble trying 
to come up with hard test scripts that clearly define the borders of the 
expectations that I have/can have of this system. In general, I feel 
safe when my system doesn't crack under the attack of nessus, but that's 
about it.

Aside, in general, I'm just interested in your opinion on testing: how 
much time/effort have you spent while/after building your HLFS?


Cheers, Warren


