Examples of 'dpkg --get-selection > packagesinstalled.txt' for firewall

Bob Edwards Robert.Edwards at anu.edu.au
Thu Nov 28 14:35:55 EST 2002


We always log from our firewalls to dedicated log hosts located on the inside 
network. If someone does get into the firewall, the first thing they will do 
is delete/corrupt the log files to put you off their scent (stench). The 
internal log host machine usually knows nothing about the outside world (no 
default route) and blocks most everything.

Then you don't need log rotation on your firewall. Actually most of our 
firewall machines net boot from an internal server and have no non-volatile 
storage at all. Some of them boot from CD-ROM and have a floppy for 
configuration files (usually kept write protected).

Of course, all this (log hosts and net booting) requires extra infrastructure.

Cheers,

Bob Edwards.

Sam Couter wrote:
> Robert Thorsby <robert at thorsby.com.au> wrote:
> 
>>As something to kick off the justification process: Why cron -- it's 
>>totally unnecessary, and easily replaceable.
> 
> 
> Cron comes from logging (as a way to start the log rotation process each
> night).
> 
> You can do without cron if you can do without logging, which maybe you
> can. Personally, I break shit often enough that I require the
> convenience of running syslog-style logging.
> 
> I've designed my firewall as an application of a general-purpose
> operating system, not an embedded system.
> 
> In my case, I have minimized the security risk presented by a logging
> daemon by ensuring that it doesn't listen on a network port (which is
> blocked anyway).
> 
> Next?
> 
> [ In case you hadn't worked it out already, I have already justified
> each and every package I have installed on the machine within my
> security context and functional requirements. ]
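One way to check a firewall's syslog.conf against the layout described above (everything forwarded to the internal log host, nothing written to local files on a box with no non-volatile storage), as an added example that is not code from the original thread; the host name 'loghost' and both config texts are constructed:

```python
"""Audit a classic BSD-style syslog.conf for the firewall logging design
discussed on the list: every selector forwards to the internal log host and
no action writes to a local file. Added example; configs are constructed and
'loghost' is an assumed name for the internal log host."""

import re

# Constructed: the desired layout, nothing stays on the firewall.
FORWARD_ONLY_CONF = """
# firewall syslog.conf: ship everything to the inside log host
*.*        @loghost
"""

# Constructed: a stock-style config that keeps logs on the firewall itself.
LOCAL_FILES_CONF = """
auth,authpriv.*            /var/log/auth.log
*.*;auth,authpriv.none     -/var/log/syslog
kern.*                     @loghost
"""


def parse_syslog_conf(text):
    """Return (selector, action) pairs, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) != 2:
            raise ValueError(f"malformed rule: {line!r}")
        rules.append((parts[0], parts[1]))
    return rules


def audit(text, loghost="loghost"):
    """Return findings; an empty list means the config matches the design."""
    findings = []
    rules = parse_syslog_conf(text)
    for selector, action in rules:
        if action.startswith("@"):
            if action.lstrip("@") != loghost:
                findings.append(f"{selector}: forwards to unexpected host {action}")
        elif action.lstrip("-").startswith("/"):
            # A leading '-' only disables fsync; it is still a local file.
            findings.append(f"{selector}: writes local file {action.lstrip('-')}")
        else:
            findings.append(f"{selector}: non-forwarding target {action}")
    if not any(s == "*.*" and a == "@" + loghost for s, a in rules):
        findings.append("no catch-all '*.*' rule forwards to the log host")
    return findings
```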
