also sprach Roberto C. Sanchez <[EMAIL PROTECTED]> [2005.09.03.1502 +0200]:
> I don't use it in nearly such tough environment, but everything I have
> seen/read about it leads me to believe that it can handle large setups
> very well.

I would talk to the alioth admins about it. Maybe I am just incapable of administering OpenLDAP and they got the grips on the server by now, but OpenLDAP to me is a synonym for grey hair and raving fits of madness.

> > It's also *terribly* outdated, breaks some things when used
> > carelessly, and gives a wonderfully false sense of security. The
> > same applies to tiger/TARA, btw.
> >
> Funny that you mention that. I emailed Javier a while back
> because some of the changes effected by Bastille were undone when
> I upgraded my server from Woody to Sarge. He said it needs to be
> updated to use the dpkg-statoverride, rather than just changing
> attributes of files without dpkg's knowledge. Other than that,
> I found it a very helpful tool.

It is a helpful tool. The greatest mistakes you can make are to need and to trust it. Go through the process, make conscious decisions, but then, for every feature you turn on (or off), verify it after the run, make sure you understand how it's done, and then don't touch bastille again.

Oh, and make sure you know what it's talking about. Just clicking yes because a feature "sounds good" is calling for trouble.

> Besides, your statement "breaks some things when used carelessly,
> and gives a wonderfully false sense of security" can be applied to
> *any* hardening tool or package.

Yes. That's why I strongly recommend not to use them.

> The fact is, that you can't expect to secure a system well with no
> knowledge of security.

Absolutely. And no tool can do it for you either.

-- 
Please do not send copies of list mail to me; I read the list!

 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!

"whoever fights monsters should see to it that in the process he
does not become a monster. and when you look into an abyss, the abyss
also looks into you."
                                                 - friedrich nietzsche