David Demland wrote:
>
> Has anyone installed Storm Linux? I am trying to put together a Firewall for
> our T1. I wanted a Debian version of Linux because of what I have read here
> about it for security. When installing all has seemed to go well until the
> computer reboots. When the syslogd is started the computer hangs. I have
> tried a custom install as well as the regular install. In all cases the
> reboot hangs.
>
> Does anyone have an idea?

I had a system that did that once, but it was overclocked too much for
the temperature environment it was in. (I get cold easily, and so I
often shut my vents... I know it's horrible for the hardware, but 70F
is just too cold for me unless I am active. Typing with purple hands
sucks... so it's often up to 85 or 90 in here, although I usually
prefer about 78.. my aunt sets the A/C to 67 to 69 tho!!! Glad I am
tall enough to shut the ceiling vents by just reaching up!)

Other than hardware failures, there are a few remaining possibilities:

Something that starts right after syslogd hangs the system (ldconfig?)

Syslogd is the first thing that actually attempts to WRITE to disc,
and there are issues with the driver/kernel you are now using instead.
Try disabling UDMA in BIOS if you have it, UDMA probably wouldn't be
too critical for a firewall anyways, right?
--
Regarding the general issue of security, if the computer is ONLY to be
used as a firewall, the best way to ensure that it is secure is to
have absolutely ONLY what you need on it, and allow telnet logins only
from the LAN side. Web server, X, and videogame security issues are
nonexistent if these things are not installed on the system to start
with!

Internet Junkbuster is a pretty decent HTTP proxy (seems to work for
HTTPS as well. Not sure if this is handled differently or not, or even
if it needs to be) that also has the ability to block advertisements
(or any other unwanted web content... if this is for a low-bandwidth
network, block common extensions for large files..). You can use it to
let people OUT of the firewall, if you don't wish to use transparent
proxying (or masquerading, even). While security isn't its primary goal
(being able to block URLs based on strings, to block advertising and
intrusive web-tracking IS its goal), since the source-code is
available, it's unlikely to contain any nasty surprises. It can be had
at:
http://www.junkbusters.com/

Also, the less interesting a machine is (less stuff installed), the
less likely it is that it will be tampered with if a genuine hacker
DOES "break" into it... while not the case for vandals, there are
those that simply wander around, opening doors that aren't locked
tight, just to see what is inside... when the contents are
interesting, the temptation to stick around and play for a bit exists.
Unfortunately, it is possible that such access opens other doors to
vandals, or can result in something being accidentally broken, so
discourage it with a boring box if possible.
--
jkenner@mindspring.com __
I Support Linux: _> _ _ |_ _ _ _|
Working Together To <__(_||_)| )| `(_|(_)(_|
To Build A Better Future. |