[Honeywall] Welcome!

Earl esammons at hush.com
Thu Jun 28 21:08:23 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 28 Jun 2007 18:24:41 -0400 Patrick McCarty
<patrick at setsuid.net> wrote:
>
>We've been talking about this for quite some time.
>
>IMO we need to adopt a supportable platform that will be available
>for 2+ years that provides the closest environment to our target.
>(ie: less OS devel for us, more honeynet specific stuff)

Amen.

>12-18 packages is quite a few, but not completely out of the
>question. (Depending on versioning dependencies, etc)

concur.

>We've talked about the pipe dream of being able to install a
>"honeywall package" on top of whatever platform the user desires,
>but I just don't see that as realistic. We need to be able to
>control as much of the environment as possible to reduce unknown
>installation factors and configuration complexity.

I made attempts to modularize some of the duct tape when I was
working on 1.2 with this in mind but its still a long way off...
What you say is very true..  Reason being that there is SO much
happening on this system it's almost impossible to completely
decouple the app layer.  It can be done but I'm affraid it would
end up being more of a "process" than the effortless "one click"
install solution we have now.  Also, it would take OS experts for
each target to maintain...

Don't get me worng...  If anyone wants to take this on once we open
up the read-only SVN I'll be more than happy to share all of my
lessons learned etc.

>Oh, and I really prefer not to pull packages from some other third
>party repo if we can avoid it. At minimum I'd prefer to repackage
>them into our own repo.

Yeah...  been there, felt the pain, wont happen again.  To clarify,
we might end up sucking a few non-included packages that we verify
first into *our* repo from external sources...  no pointing roo's
yum config to anything other than Honeynet repos... wont happen
again!

thanks for the feedback... keep it comming!

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wkYEARECAAYFAkaEV0cACgkQk7+e+4lPSm3V5gCfYrEgHgzhzrx7nS6NJShEpEIr2/kA
n2Xx/VHDD6H5xFtbProN7ihLB2HG
=spUW
-----END PGP SIGNATURE-----




More information about the Honeywall mailing list