Security thoughts to chapter 4.

Simon Geard delgarde at ihug.co.nz
Thu Aug 25 04:24:39 PDT 2005


On Thu, 2005-08-25 at 01:48 +0200, Guenther Niess wrote:
> Now my question is: Does it really make sense to install Kerberos, Cyrus
> SASL and stunnel on my system?

Almost certainly not for a desktop machine. I've never tried installing
any of the three, and wouldn't do so unless they were a hard dependency
for something else. The same applies to PAM - unless you want to try out
exotic authentication schemes, it's of little benefit on a single-user
system.

> It's difficult for me to see any advantage on many security programs. Is
> it not enough to install OpenSSL, Iptables, GnuPG, Tripwire and SSH for
> a desktop system or I'm naive?

Well, openssl you'll need, simply because it's used by a large number of
applications like web browsers and email. And most machines can probably
benefit from using iptables to block off unwanted inbound connections.

As for the others, what do you need them for? GnuPG lets you sign and
encrypt things like email and files - nice to have, but non-essential.
SSH isn't really needed on a desktop, unless you're using it to log in
to other machines or will be logging in to yours from elsewhere. Don't
know much about Tripwire - probably nice to have, but not vital.

Don't just install packages for the sake of installing them - find out
what they do, and install them if you actually need what the package
provides.

Simon.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxfromscratch.org/pipermail/blfs-support/attachments/20050825/2c089e13/attachment.sig>


More information about the blfs-support mailing list