Neil Bothwick <[EMAIL PROTECTED]> writes: > On Tue, 25 Dec 2007 22:53:10 -0600, [EMAIL PROTECTED] wrote: > >> This machine is been prepped to be a sort of DMZ machine, but not >> more wannabe than really since it will not route stuff to my home lan >> at all... just be the recipient of all blocked stuff at an upsteam >> NETGEAR firewall/router. >> >> I would like an opinion about the USE flags I keep in /etc/make.conf >> >> USE="mysql emacs mbox hal acpi logrotate vga nptl nptlonly \ >> -ipv6 -imap -maildir -gnome -X -kde" >
[...] ----- Notes ----- Notes ----- First let me reiterate what this OS is supposed to do. My original post was so riddled with typos and bad grammer, I'm amazed you understood enough of it to make a sensible reply. Briefly: This machines' purpose is to receive the output of a DMZ switch at a NETGEAR router upstream. It will not be routing anything to the local lan and has only 1 nic. I just want a pipeline of all the baloney my firewall is dropping for my own investigation. The netgear router/firewalls' own logging capabilities produces a big awkward, poorly formatted log. Getting it mailed and processed is a pain, and having it log directly to a lan machines' syslog seems to truncate the data to the point its nearly useless. The configuration proceedure is also way awkward compared to hand editing an iptables script. I plan to install an iptables firewall that drops incoming portscans sweeps untoward connection attempts etc. etc.logs the info and study the logs with tcpdump etc. ---- End Notes ----- End Notes ----- Neil wrote: > It depends on the profile you use, since that affects the defaults > for flags not set/unset in /etc. Which profile are you using, hopefully a > server one, and what does "emerge --info show". The output from emerge Gack.... I've never given a moments thought to which profile I used. It appears to be pointing at the default one. /etc/make.profile -> ../usr/portage/profiles/default-linux/x86/2006.1 emerge --info shows a hefty list of USE flags. Good lord. I had no idea all those were being used during emerges. I think I better do some reading before proceeding with this. I'm thinking, switching to the `hardened' profile is probably what I should be doing. How does one go about changing the profile? Is it as simple as just changing the symlink? googling on `site:gentoo.org profile' I find a little guide showing how to change from 2004.0 to 2006.X. It talks about a different setup being deployed post 2004.0. So I'm wondering if there are more or different steps involved now? The full output of that search even when adding `-forums' is too much to swim thru without a little more paring down. -- [EMAIL PROTECTED] mailing list
