[WBEL-users] Recommendation for BIND only distro?
William Warren
hescominsoon at emmanuelcomputerconsulting.com
Wed May 25 11:58:20 CDT 2005
you can also use shorewall to lock down your system quite well as
well..:)
Erik Williamson wrote:
> Hi Bob,
>
> I'd go with your first idea. Reasons:
> 1) Running fewer distros helps toward standardisation of your environment.
> 2) Basically all you'd need is bind, an editor, and an update agent.
> 3) Stop all other services on that machine (portmap, etc), and you've
> already gone a long way to protecting that machine.
>
> e.
>
> Bob Ramstad wrote:
>
>> I'm sure some of the other good sysadmin type folks here have run into
>> this...
>>
>> We have a need to bring up a very very limited role server for taking
>> care of external DNS requests. This will be the only public service
>> at our location.
>>
>> My initial thought was to do a WBEL3 minimal install, then add BIND,
>> and go from there. (When all you have is a hammer, everything looks
>> like a nail...)
>>
>> It then occurred to me that it would be more secure to build the
>> machine in a way that it could be totally burned down, hacked, and
>> whatnot with the only downside being loss of the service.
>>
>> It then occurred to me that there have to be some distros out there
>> that are meant for this kind of purpose, and sure enough, there's an
>> embarassment of riches out there... hard to choose one.
>>
>> Anyone care to offer an opinion as to which approach makes more sense
>> to them (WBEL3 minimal install OR dedicated router / firewall / BIND
>> type distro) and if the latter, recommend one of the many distros out
>> there?
>>
>> Anyone out there running a Linux box from read only media, like
>> CD-ROM, for firewall / routing / BIND?
>>
>> -- Bob
>>
>> _______________________________________________
>> Whitebox-users mailing list
>> Whitebox-users at beau.org
>> http://beau.org/mailman/listinfo/whitebox-users
>
>
--
Computer House Calls, Networks, Security, Web Design:
http://www.emmanuelcomputerconsulting.com
What businesses are in Brunswick, Maryland? Check Brunswick First!
http://www.checkbrunswickfirst.com
My "Foundation" verse:
Isa 54:17 No weapon that is formed against thee shall prosper;
and every tongue that shall rise against thee in judgment thou
shalt condemn. This is the heritage of the servants of the LORD,
and their righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape"
CDTT (Certified Duct Tape Technician)
Linux user #322099
Machines:
206822
256638
276825
http://counter.li.org/
More information about the Whitebox-users
mailing list