Re: Asking for documentation help (Re: IPSec questions...)
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote: I don't have any pratical experience with FreeSWAN at all, however, I have statically compiled BIND 9 and placed it in a chroot jail on Debian. I wonder if it would hard to packge a chroot'ed setup of BIND9 once it completely configured? As already said, documentation is a *Very* important part of a distribution. IMHO the Securing Debian HOWTO (might change it to Manual sometime in the future) does tackle an important issue. I would be very grateful if you reviewed and improved the (incomplete) information I wrote regarding Bind security in Debian (IMHO it's better placed here than in a separate HOWTO). Please read: http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind SGML sources are available through CVS (check http://www.debian.org/doc/ddp), patches for the CVS sources are prefered but I will also accept any other suggestions. Regards Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Asking for documentation help (Re: IPSec questions...)
That would be great. I will accept patches anytime. Please don't forget about writting it! (I will keep this mail, just as a reminder :) Javi On Mon, Jan 14, 2002 at 10:46:48AM -0500, Noah L. Meyerhans wrote: I'd happily volunteer to write the whole chapter, but I don't forsee having enough free time for that until sometime in mid March. If anybody wants to work on it, though, let me know, and I'll lend a hand. -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Asking for documentation help (Re: IPSec questions...)
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote: I don't have any pratical experience with FreeSWAN at all, however, I have statically compiled BIND 9 and placed it in a chroot jail on Debian. I wonder if it would hard to packge a chroot'ed setup of BIND9 once it completely configured? As already said, documentation is a *Very* important part of a distribution. IMHO the Securing Debian HOWTO (might change it to Manual sometime in the future) does tackle an important issue. I would be very grateful if you reviewed and improved the (incomplete) information I wrote regarding Bind security in Debian (IMHO it's better placed here than in a separate HOWTO). Please read: http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind SGML sources are available through CVS (check http://www.debian.org/doc/ddp), patches for the CVS sources are prefered but I will also accept any other suggestions. Regards Javi
Re: Asking for documentation help (Re: IPSec questions...)
That would be great. I will accept patches anytime. Please don't forget about writting it! (I will keep this mail, just as a reminder :) Javi On Mon, Jan 14, 2002 at 10:46:48AM -0500, Noah L. Meyerhans wrote: I'd happily volunteer to write the whole chapter, but I don't forsee having enough free time for that until sometime in mid March. If anybody wants to work on it, though, let me know, and I'll lend a hand. --
Re: Asking for documentation help (Re: IPSec questions...)
On Mon, Jan 14, 2002 at 10:31:38AM +0100, Javier Fernández-Sanguino Peña wrote: I was wondering... could someone write a How to build VPN's in Debian small documentation for inclusion in the Debian Security HOWTO (http://www.debian.org/doc/ddp) it could make for a nice chapter in there. I can't necessarily volunteer right now, as I'm far too busy, but I can certainly put in some effort and provide some technical help. I use FreeS/WAN in just about every configuration it supports, all on Debian. I'd happily volunteer to write the whole chapter, but I don't forsee having enough free time for that until sometime in mid March. If anybody wants to work on it, though, let me know, and I'll lend a hand. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html msg05238/pgp0.pgp Description: PGP signature
Re: Asking for documentation help (Re: IPSec questions...)
On Monday, 2002-01-14 at 10:31:38 +0100, Javier Fernández-Sanguino Peña wrote: I was wondering... could someone write a How to build VPN's in Debian small documentation for inclusion in the Debian Security HOWTO (http://www.debian.org/doc/ddp) it could make for a nice chapter in there. Topics to comment about: - FreeSwan - CIPE - Ssh - ... Any volunteer? Not this one: ENOTUITS. But I'd like to suggest to incorporate information from http://www.shorewall.net/PPTP.htm and http://poptop.lineo.com/setup_pptp_server.html on PPTP and MPPE. At least temporarily until the US vs. Non-US problem for the kernel and PPP goes away. I just set up PPTP and the description at the two sites applies to Debian, too. Obstacles that should be removed: 1) integrate MPPE in the kernel. 2) patch PPP for MPPE and MSCHAPv2. 3) upgrade PPTP to 1.0.1. I sincerely hope this can happen soon. Until then, SuSE is ways easier to set up for PPTP. (Dunno what they deliver in the US, but here in Germany, they have those patches integrated.) Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm| -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Asking for documentation help (Re: IPSec questions...)
On January 14, 2002 02:31 am, Javier Fernández-Sanguino Peña wrote: I w as wondering... could someone write a How to build VPN's in Debian small documentation for inclusion in the Debian Security HOWTO (http://www.debian.org/doc/ddp) it could make for a nice chapter in there. Topics to comment about: - FreeSwan - CIPE - Ssh - ... Any volunteer? Javi I would'nt mind getting involved with the Debian project, even it is just wriiting docs for the community. I don't have any pratical experience with FreeSWAN at all, however, I have statically compiled BIND 9 and placed it in a chroot jail on Debian. I wonder if it would hard to packge a chroot'ed setup of BIND9 once it completely configured? Anyway, I would be glad to contribute to any aspect of Debian itself. Just let me know what I can do. Stef -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Asking for documentation help (Re: IPSec questions...)
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote: I would'nt mind getting involved with the Debian project, even it is just wriiting docs for the community. Even if it's *just* writing docs for the community? A lot of people don't seem to realize it, but that's one of the most important things you can do to contribute! In many cases, the code is all there but the only people who know how to use it are the people who wrote it! I don't have any pratical experience with FreeSWAN at all, however, I have statically compiled BIND 9 and placed it in a chroot jail on Debian. I wonder if it would hard to packge a chroot'ed setup of BIND9 once it completely configured? I recall there being discussion a while back about packaging chroot bind. I don't know whether or not anything came of it at all. There is a chroot bind HOWTO already. Last I knew, this only addressed bind 8 and did so from either a distribution independent or (worse) a Redhat specific point of view. I'm not sure where you would want to publish your bind 9 docs. Perhaps they'd be put to best use if contributed to the Securing Debian howto. Or you could offer them to the author of the chroot bind HOWTO, possibly adding the Debian specific stuff as an appendix to the main document or something. I would be glad to contribute to any aspect of Debian itself. Just let me know what I can do. If you're serious about your willingness to contribute documentation, see http://www.debian.org/doc/ddp/ To me, it seems that a lot of the docs there have a great deal of potential, but there's a lot of duplication of effort. I'd really love to see a relatively major, broadly scoped document linked directly from the www.debian.org, similar to the FreeBSD Handbook. That's my suggestion, anyway. There's plenty of work to be done. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html msg05265/pgp0.pgp Description: PGP signature
Re: Asking for documentation help (Re: IPSec questions...)
On Mon, Jan 14, 2002 at 10:31:38AM +0100, Javier Fernández-Sanguino Peña wrote: I was wondering... could someone write a How to build VPN's in Debian small documentation for inclusion in the Debian Security HOWTO (http://www.debian.org/doc/ddp) it could make for a nice chapter in there. I can't necessarily volunteer right now, as I'm far too busy, but I can certainly put in some effort and provide some technical help. I use FreeS/WAN in just about every configuration it supports, all on Debian. I'd happily volunteer to write the whole chapter, but I don't forsee having enough free time for that until sometime in mid March. If anybody wants to work on it, though, let me know, and I'll lend a hand. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpQBDg7Qa0aJ.pgp Description: PGP signature
Re: Asking for documentation help (Re: IPSec questions...)
On Monday, 2002-01-14 at 10:31:38 +0100, Javier Fernández-Sanguino Peña wrote: I was wondering... could someone write a How to build VPN's in Debian small documentation for inclusion in the Debian Security HOWTO (http://www.debian.org/doc/ddp) it could make for a nice chapter in there. Topics to comment about: - FreeSwan - CIPE - Ssh - ... Any volunteer? Not this one: ENOTUITS. But I'd like to suggest to incorporate information from http://www.shorewall.net/PPTP.htm and http://poptop.lineo.com/setup_pptp_server.html on PPTP and MPPE. At least temporarily until the US vs. Non-US problem for the kernel and PPP goes away. I just set up PPTP and the description at the two sites applies to Debian, too. Obstacles that should be removed: 1) integrate MPPE in the kernel. 2) patch PPP for MPPE and MSCHAPv2. 3) upgrade PPTP to 1.0.1. I sincerely hope this can happen soon. Until then, SuSE is ways easier to set up for PPTP. (Dunno what they deliver in the US, but here in Germany, they have those patches integrated.) Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm|
Re: Asking for documentation help (Re: IPSec questions...)
On January 14, 2002 02:31 am, Javier Fernández-Sanguino Peña wrote: I w as wondering... could someone write a How to build VPN's in Debian small documentation for inclusion in the Debian Security HOWTO (http://www.debian.org/doc/ddp) it could make for a nice chapter in there. Topics to comment about: - FreeSwan - CIPE - Ssh - ... Any volunteer? Javi I would'nt mind getting involved with the Debian project, even it is just wriiting docs for the community. I don't have any pratical experience with FreeSWAN at all, however, I have statically compiled BIND 9 and placed it in a chroot jail on Debian. I wonder if it would hard to packge a chroot'ed setup of BIND9 once it completely configured? Anyway, I would be glad to contribute to any aspect of Debian itself. Just let me know what I can do. Stef
Re: Asking for documentation help (Re: IPSec questions...)
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote: I would'nt mind getting involved with the Debian project, even it is just wriiting docs for the community. Even if it's *just* writing docs for the community? A lot of people don't seem to realize it, but that's one of the most important things you can do to contribute! In many cases, the code is all there but the only people who know how to use it are the people who wrote it! I don't have any pratical experience with FreeSWAN at all, however, I have statically compiled BIND 9 and placed it in a chroot jail on Debian. I wonder if it would hard to packge a chroot'ed setup of BIND9 once it completely configured? I recall there being discussion a while back about packaging chroot bind. I don't know whether or not anything came of it at all. There is a chroot bind HOWTO already. Last I knew, this only addressed bind 8 and did so from either a distribution independent or (worse) a Redhat specific point of view. I'm not sure where you would want to publish your bind 9 docs. Perhaps they'd be put to best use if contributed to the Securing Debian howto. Or you could offer them to the author of the chroot bind HOWTO, possibly adding the Debian specific stuff as an appendix to the main document or something. I would be glad to contribute to any aspect of Debian itself. Just let me know what I can do. If you're serious about your willingness to contribute documentation, see http://www.debian.org/doc/ddp/ To me, it seems that a lot of the docs there have a great deal of potential, but there's a lot of duplication of effort. I'd really love to see a relatively major, broadly scoped document linked directly from the www.debian.org, similar to the FreeBSD Handbook. That's my suggestion, anyway. There's plenty of work to be done. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpwlvVLyp0WM.pgp Description: PGP signature