testing the system
warrenhead at gmail.com
Tue Jan 30 13:42:16 PST 2007
I once build a working HLFS system, about a year ago, and since I am
into software testing I am generally interested in security as well.
I've noticed that the current book is not buildable for a few months
now, so I don't know whether this project is slowly becoming abandoned
or whatever, but I would still like to pose my question.
How do you propose testing the validity(read: actual security) of a
system like HLFS?
I build one myself, but how can I verify that I did it right? It seemed
to work fine, (before I burned it to a disk and wiped the drive for
another project) but working does not equal secure.
Ofcourse, secure today does not mean secure tomorrow, but in general I
would feel a lot better if I could show actual test results, which prove
that my homemade HLFS system beats an Ubuntu, Fedora, what not 'general'
I'm sure that a hardened system like HLFS is not for the average joe, so
I am expecting various HLFS builders (ie: you) to use this system for
something usefull like a server. And perhaps you builders have actually
written various testscripts to try and verify you've gotten the security
that you were looking for.
Since I am not a programmer, or a security expert, I have trouble trying
to come up with hard testscripts that clearly define the borders of the
expectations that I have/can have of this system. In general, I feel
safe when my system doesn't crack under the attack of nessus, but that's
Aside, in general, I'm just interested in your opinion on testing, how
much time/effort have you spent while/after building your HLFS?
More information about the hlfs-dev