[prev in list] [next in list] [prev in thread] [next in thread]
List: sg-dc
Subject: Re: [sg-dc] Immunix Linux: status?
From: John Viega <viega () securesoftware ! com>
Date: 2003-01-31 16:55:24
[Download RAW message or body]
I'm CCing Crispin, as I'm sure he'll be happy to forward this to
someone within WireX to answer your questions about Immunix.
At the Defcon "capture the flag" event last year, I helped out with
Crispin's team, and I got to watch as they played around with
SubDomain. I thought it was quite an excellent tool for policy
enforcement. I don't have direct experience with CryptoMark, but I
have heard good things about it (it does integrity checks as
executables get accessed, instead of when you explicitly run a check,
which is good).
John
On Friday, January 31, 2003, at 10:40 AM, Peter Watkins wrote:
> So I have a couple months to upgrade the OS on systems I have that are
> still using Red Hat 6.2 (RHAT hs declared its EOL on March 31:
> https://www.redhat.com/apps/support/errata/)
>
> I was thinking maybe Immunix (http://www.immunix.org/) would be a good
> choice (Linux + OpenWall kernel patches + stackguard + formatguard +
> subdomain - silly X software) but noticed that the most recent Immunix
> System 7 patch is from June of last year
> (http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/?M=D) although
> Red
> Hat has released more than a couple dozen "security" updates since then
> (https://rhn.redhat.com/errata/rh7-errata-security.html). Yet Immunix
> has
> packages on its FTP server for what looks like the beta code of a new
> release (http://download.immunix.org/ImmunixOS/7+-beta/?M=D) from as
> recent as 5 Dec 2002.
>
> (Thanks, Mike, for the presentation & Q/A last night; yes, I'm still
> thinking RPM-based Linux; for my needs, the flexibility of Linux's
> netfilter is more important than the performance of OpenBSD's pf. :-()
>
> Nevermind that Immunix 7 is based on Red Hat 7.0, which Red Hat has
> EOL'ed
> for March 31 also... does anyone know what's up w/ WireX/Immunix? I'd
> guess someone here has had more recent contact with Crispin, Seth, or
> other folk up in Portland than I have. (Yes, John, I think you're right
> about one degree of separation; maybe two, but certainly not anything
> like
> six.)
>
> I'd particularly like to hear any gossip about CryptoMark, or field
> reports of deploying/using SubDomain.
>
> -Peter
>
> --
> Peter Watkins - peterw@tux.org - peterw@usa.net -
> http://www.tux.org/~peterw/
> Private personal mail: use PGP key F4F397A8; more sensitive data? Use
> 2D123692
> <mime-attachment>
_______________________________________________
sg-dc mailing list
sg-dc@securitygeeks.com
http://securitygeeks.shmoo.com/mailman/listinfo/sg-dc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic