From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-50898-garchives=archives.gentoo.org@gentoo.org>)
	id 1GNVDl-0000Nv-BM
	for garchives@archives.gentoo.org; Wed, 13 Sep 2006 13:56:09 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.8/8.13.6) with SMTP id k8DDtPnP008469;
	Wed, 13 Sep 2006 13:55:25 GMT
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.205])
	by robin.gentoo.org (8.13.8/8.13.6) with ESMTP id k8DDo4JK012888
	for <gentoo-user@lists.gentoo.org>; Wed, 13 Sep 2006 13:50:04 GMT
Received: by nz-out-0102.google.com with SMTP id n1so958385nzf
        for <gentoo-user@lists.gentoo.org>; Wed, 13 Sep 2006 06:50:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=TX3gaKBvjNOxFvBrueKxUs3Anpb/nelQm8ICOIHBrayqUnkTVaLlr1rRdI/lJjj6+9E98dFVPhoZ1Y9/oo7C1VsAxKe6PZ1xzORwH6xeWDwxqWzfDALspRDvMnyx7eXuWR0+1cKO+vuFHZAYJztCLLV/dAnfOIG3P/PvROyApOw=
Received: by 10.65.176.7 with SMTP id d7mr5554141qbp;
        Wed, 13 Sep 2006 06:50:03 -0700 (PDT)
Received: by 10.65.158.15 with HTTP; Wed, 13 Sep 2006 06:50:03 -0700 (PDT)
Message-ID: <558b73fb0609130650x60433c2dpa1ec4f4f6f6a7dc2@mail.gmail.com>
Date: Wed, 13 Sep 2006 09:50:03 -0400
From: "Michael Crute" <mcrute@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Simplified apache2
In-Reply-To: <loom.20060913T142442-90@post.gmane.org>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <loom.20060912T142340-527@post.gmane.org>
	 <558b73fb0609120808k799baf30j41560442b9c38d12@mail.gmail.com>
	 <45074266.7050301@gmail.com> <loom.20060913T142442-90@post.gmane.org>
X-Archives-Salt: 044f3b5a-afd7-444e-bf07-b8e52efcb3ab
X-Archives-Hash: 07d57d8949d26f63ffca238785100c77

On 9/13/06, James <wireless@tampabay.rr.com> wrote:
>
> Not sure I fully grasp what you mean by a 'hardened system'. If you mean
> running a hardened kernel with only necessary software installed, then
> yes, I run hardened kernels on most servers {dns, web, mail, firwalls....}
>
> If running a hardened system means more than that, please explain,
> or point me to some docs.

I guess I should have clarified when I made my initial suggestion. A
hardened system is one that is running the hardened profile. All my
server systems are built from the hardened stage 1 tarball. So
basically, you should not use the hardened useflag if your system was
not built with the hardened profile.

Note that there is more to "hardening" a system than just using a
certain profile or a combination of useflags but its a good start.

-Mike


-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
-- 
gentoo-user@gentoo.org mailing list