Hi there,

I once built a working HLFS system, about a year ago, and since I am into software testing I am generally interested in security as well. I've noticed that the current book has not been buildable for a few months now, so I don't know whether this project is slowly becoming abandoned or whatever, but I would still like to pose my question.
How do you propose testing the validity (read: actual security) of a system like HLFS? I built one myself, but how can I verify that I did it right? It seemed to work fine (before I burned it to a disk and wiped the drive for another project), but working does not equal secure. Of course, secure today does not mean secure tomorrow, but in general I would feel a lot better if I could show actual test results which prove that my homemade HLFS system beats an Ubuntu, Fedora, whatnot 'general' system.

I'm sure that a hardened system like HLFS is not for the average Joe, so I am expecting various HLFS builders (i.e. you) to use this system for something useful like a server. And perhaps you builders have actually written various test scripts to try and verify you've gotten the security that you were looking for. Since I am not a programmer, or a security expert, I have trouble trying to come up with hard test scripts that clearly define the borders of the expectations that I have/can have of this system. In general, I feel safe when my system doesn't crack under the attack of Nessus, but that's about it.

Aside from that, in general, I'm just interested in your opinion on testing: how much time/effort have you spent while/after building your HLFS?

Cheers,
Warren
