Hi all, I have recently been evaluating e-smith v 5.1.2 for use in a fairly hostile environment and was wondering if anyone has any real-world experience with this product and any feedback based on these experiences.
FWIW the hostile environemnt is the public education system so it is only hostile from the inside. The servers will be placed within a very large WAN and will be configured to upstream all http requests to a well secured clustered cache at head office, so the only concerns come from high school students on the *trusted network* and the only intention is to save bandwidth over the relatively slow WAN links. I haven't found any vulnerabilities except the recent PHP vuln's for which a patch has now been released. Unfortunately the 'powers-that-be' are convinced this product is perfect for them though they only want it as a squid proxy with a web based configuration and management portal and have now considered allowing me to at least turn off the SMB, smtp, webmail, etc. IMHO I would love to see a hardened (or just ipf'ed) OpenBSD box running squid and webmin, but I need a great weight of evidence to encourage changes of mind in this less-than-perfect organistaion. Thanks in advance for any feedback you may have Dave
