[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SuSE releases new security tools.

> On Sat, 27 Nov 1999, David wrote:
> >
> > I saw the included posting on the suse-security mailing list, and thought
> > it sounded like a good idea. So I was thinking of reviewing how compatible
> > these packages are with Indy (they come in RPM, so that's a start).
> >
> I saw it on freshmeat.
> >
> > What does anyone think of the inclusion of these (or similar) scripts in
> > Indy?
> >
> I think it's a great idea. With many people starting to use DSL and
> other such IP services, security is of even greater importance to
> the home user then it use to be.
> >  
> > I'm also just had the idea of writing a simple front end for IPCHAINS, one
> > that creates a firewall policy for the machine, by prompting the user for
> > answers to questions. Thoughts? I may have seen something similar on
> > securityfocus.com, but I'm not sure.
> >
> Good idea!

There is already one (gfcc) and it is in Indy 6.0.  We really need a
volunteer for documentation.

> This could be added as another in the series of  Indy Liberators
> designed to make configuration easier. I'm writing a Liberator and
> front end for eznet right now using newt for the console side and
> possibly a Tcl/Tk X front end later. Not sure yet.
> What would be your plan for a UI. Maybe we should shoot for a consistent
> look and feel. Sort of an Indy standard. (See my post a few days
> earlier regarding my idea for a console desktop).
> > 
> > I feel that security is (should be) an important part of EVERY disto. SuSE
> > seems to be taking it seriously, and I feel we should to.
> >
> I agree.

I want to include lokkit in Indy 6.1.  It is a very easy way to block
all connections coming from outside.  You can ask it to let pass
connections tyo some well defined services like the http server.

gfcc can do things lokkit cannot do (like masquarding addresses) but
lokkit is simpler if all you want is block attacks and in addition is
console mode and that means that it would be possible to include it
in installation or in scripts run at first boot.

			Jean Francois Martinez

Project Independence: Linux for the Masses