LINUX SECURITY --- April 17, 2001 Published by ITworld.com -- changing the way you view IT http://www.itworld.com/newsletters __________________________________________________________________________ ______ HIGHLIGHTS * Compile your own Linux OS without a vendor's "additional features." __________________________________________________________________________ ____ Know your Distro By Rick Johnson We have all been in this situation. You've just wrapped up the install of your favorite distribution, or maybe you crossed battle lines and tried something new, and you casually glance at the available disk space before almost choking on your Mountain Dew. That "complete" install took up well over a gigabyte of space! Sure, some are less, some are more, but that seems to be the average. When did the Red Hats of the world become so big? The marketing team calls it "adding useful features", while others refer to these additions simply as "bloating". I'm somewhere in the middle. The option of installing additional packages is useful, but I find that even a stripped install leaves behind too much garbage for my tastes. How can you possibly fit one of these into an embedded appliance? More importantly, how can you be certain what processes are actually running? You never know just what someone has slipped into the installer. Our local users group (SacLug http://www.saclug.org) has discussed this in length recently. As the thread progressed, one of the more technical members recommended the Linux from Scratch Project (http://www.linuxfromscratch.org). Just hearing the name made me instantly curious. His comment was, "Just what you want, how you want it, and where you want it." The concept is actually rather unique. Linux from Scratch (LFS) is not a distribution, and even using that name goes against the whole LFS idea. The project itself consists of "books" describing how to compile each object from scratch. LFS requires an existing Linux distribution where you build the custom distribution under it's own mount point or directory structure, thereby avoiding any contamination from the existing OS. However, a floppy based distribution can be used to assist in this task. Take the time to read the books that encompass the project as it is truly informative. I've been in the market for such a distribution to fill my current project's needs. Contemplating actually building my own left chills running down my spine so you can expect to find a thorough review covering LFS in the future. About the author(s) ------------------- Rick Johnson is currently the Manager of Security Services for FusionStorm, a remote managed services company. When not writing, he heads the development team for PMFirewall, an Ipchains Firewall and Masquerading Configuration Utility for Linux. Rick can be contacted via email at rick@pointman.org or on the web at http://www.pointman.org. __________________________________________________________________________ ______ ADDITIONAL RESOURCES Packaging and installation issues for Linux and LSB A self-hosting standard could solve many current problems http://www.itworld.com/jump/linsec_nl/www.itworld.com/Comp/2362/lw-10-peng uin_2/ How a Linux standard would benefit distributors http://www.itworld.com/jump/linsec_nl/www.itworld.com/Comp/2365/lw-03-peng uin_1/ Interview: VA Linux looks to the enterprise Economic downturn causes Linux server company to change focus http://www.itworld.com/jump/linsec_nl/www.itworld.com/Comp/1416/IDG010404v alinux Debian's daunting installation Get the gory details here -- and inform your own efforts http://www.itworld.com/jump/linsec_nl/www.itworld.com/Comp/2365/lw-09-vcon trol_2/ __________________________________________________________________________ ______
<<attachment: winmail.dat>>