Hi All-- I am blown away by the high level of security in the standard Openwall 1.0 install - Amazing job to all concerned! I have a couple of comments and questions, though. First, I had to `echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts`. Is there a reason this isn't done by default in order to discourage the use of Openwall boxes for icmp DDoS attacks? Secondly, I had to disable ctrl-alt-del reboots. Though this is more of a "personal choice" issue, it seems that allowing anyone who can get their hands on the keyboard to reboot the machine (possibly with a nasty floppy or cdrom in the drive) is insecure. And finally, it would be nice if `wipe` or some other secure deletion program were included in the distro :). Thanks for putting together such a squeaky-clean distro. Now I can sleep well at night... Steve Olszewski soso at busymonkeyNOSPAM. dot org
This archive was generated by hypermail 2.1.3 : Sun Jan 15 2006 - 13:43:17 PST