Security thoughts to chapter 4.

Randy McMurchy randy at
Wed Aug 24 17:03:46 PDT 2005

Guenther Niess wrote these words on 08/24/05 18:48 CST:
> I'm a newbie on lfs/blfs and want to install a multimedia/developer
> laptop desktop environment which is not the lowest security standart. So
> I prepare my installation for all the thinks and read the whole day
> about the programs referenced on the book. Then I stumbled over the
> sentence: "If you running Linux as a single user system, or in an
> environment where all the users are trusted, then there
> is no real advantage for using PAM." in the PAM System Administrator Guide.
> Now my question is: Does it really make sense to install Kerberos, Cyrus
> SASL and stunnel on my system?

Kerberos? Probably not. You need to learn what these packages do
before you even should consider them.

Cyrus-SASL? Maybe. But probably not.

Stunnel? Maybe. Are you thinking about installing Samba? Are you
going to access, or be accessed by Windows clients using Samba?
Chances are for just a desktop system, you won't need Stunnel.
At least until you understand what it is used for and *how* to
use it, you won't need it.

> It's difficult for me to see any advantage on many security programs. Is
> it not enough to install OpenSSL, Iptables, GnuPG, Tripwire and SSH for
> a desktop system or I'm naive?

Hey, it's up to you. Many things factor into your security needs.

1) How do you access the Internet?
2) Do you already have a firewall at your location?
3) Who all has access to your machine?
4) So forth and so on.

There is much information you can read up on about securing your
system. Please consider doing some more research to determine *your*
needs, and then use whatever is appropriate. It is difficult for
someone without any knowledge of what your expectations and/or
requirements are to offer much help.


rmlscsi: [GNU ld version 20041220] [gcc (GCC) 3.4.3]
[GNU C Library stable release version 2.3.4] [Linux 2.6.10 i686]
18:54:00 up 144 days, 18:27, 3 users, load average: 0.01, 0.02, 0.07

More information about the blfs-support mailing list