Examples of 'dpkg --get-selection > packagesinstalled.txt' for firewall
Robert Thorsby
robert at thorsby.com.au
Mon Nov 25 18:24:06 EST 2002
On 2002.11.25 10:26 I wrote:
>> In fact, I would be reluctant to have such a distro as you propose
>> [via your Installed Packages] as the OS on a firewall exposed to
>> the outside world. However, YMMV.

On 2002.11.25 17:50 Alex Satrapa responded:
> Any particular reasons - is it because it's Debian, the wrong version
> of Debian, or there's stuff you just wouldn't install (eg: bash,
> cron, logrotate, ipac-ng, pppoe, etc)?

I have nothing against _any_ of the major distros, nor any version of
Debian, and for you even to suggest that in your question shows that
you haven't understood what I was saying.

However, to put it plain beyond doubt, you have included stuff that:-
1. Is unnecessary;
2. Is a security risk;
3. Is not appropriate for a firewall; or
4. Two or more of the above.

The starting point for a firewall must be _zero_ and from there you
must justify every package that goes in. I really suggest that you have
a look at one of the floppy-based firewalls. Not from the point of view
of using that particular distro but from the point of view of seeing
what "absolutely mandatory, necessary and vital" packages _can_ be left
out.

It may well be that you decide that a stripped down, or alternative,
version of an applet will not do and the original must be included. OK,
that's fine -- but you have just justified (to yourself) your decision.

As something to kick off the justification process: Why cron -- it's
totally unnecessary, and easily replaceable.

Robert Thorsby
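
The "start from zero and justify every package" rule in the message above can be checked mechanically against a `dpkg --get-selections` dump. The following is an added example, not part of the original message: the justification file, its format, and the function names are assumptions of this example, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: list installed packages that have no recorded justification.
# Allowlist format is an assumption of this example: "<package> <reason...>",
# '#' starts a comment; an entry with no reason text does not count.

unjustified_packages() {
    # $1 = output of `dpkg --get-selections`, $2 = justification file
    awk -v just="$2" '
        FILENAME == just {
            if ($0 ~ /^[ \t]*(#|$)/) next      # skip comments and blank lines
            if (NF >= 2) ok[$1] = 1            # package plus at least one reason word
            next
        }
        $2 == "install" || $2 == "hold" {      # ignore deinstall/purge entries
            pkg = $1
            sub(/:.*$/, "", pkg)               # strip ":arch" qualifier if present
            if (!(pkg in ok)) print pkg
        }
    ' "$2" "$1" | sort -u
}

sample_audit() {
    # Constructed sample data, not taken from the thread's actual package list.
    dir=$(mktemp -d) || return 1
    printf '%s\tinstall\n' bash cron iptables ipac-ng pppoe > "$dir/packagesinstalled.txt"
    printf 'logrotate\tdeinstall\n' >> "$dir/packagesinstalled.txt"
    cat > "$dir/justified.txt" <<'EOF'
# package   reason
bash        required by the boot scripts
iptables    the packet filter itself
pppoe       upstream link
ipac-ng
EOF
    unjustified_packages "$dir/packagesinstalled.txt" "$dir/justified.txt"
    rm -rf "$dir"
}

sample_audit
```

On the constructed data this reports `cron` (never listed) and `ipac-ng` (listed, but with no reason given), while the deinstalled `logrotate` entry is ignored.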