Subject:
|
Re: NQC in Boston University Linux :)
|
Newsgroups:
|
lugnet.off-topic.geek
|
Date:
|
Fri, 7 Apr 2000 04:24:06 GMT
|
Reply-To:
|
mattdm@mattdm.org+spamless+
|
Highlighted:
|
(details)
|
Viewed:
|
172 times
|
| |
|
|
Matthew Miller <mattdm@mattdm.org> wrote:
> Major differences are:
Oh yeah: those major differences are RH 6.[01] -> RH 6.2. RH 6.2 -> BULinux:
- includes nqc :)
- uses bash version 2; none of this bash w/ optional "bash2" silliness
- kerberos4 (via a pam module -- much nicer than needing every app to be
made to support krb4)
- autorpm gets (and optionally auto-installs) our gpg-signed updates
- includes openssh (since we're educational, we can link against rsaref)
- includes more stuff -- aspell, abiword, bsdgames, curl (w/ssl), gaim
(ugh, but popular request), lavaps, memtest86, nasm, nethack,
sudo, vacation, weblint, etc
- includes baseline, our in-house network-based tripwire-like system
- includes Donald Becker's ethernet card utils
- experimental afs support via arla
- has pretty BU Linux logos
- includes WindowMaker session-type option (if you don't like either Gnome
or KDE)
- network install autoconfigured for our network/servers
- xntpd configured to sync with our timeservers
- modified lilo (yay asm coding) supports password=* option, which, in
combination with the restricted flag, makes it possible to configure lilo
to be secure by default. (no init=/bin/sh)
- /etc/nsswitch.conf isn't broken by default (no references to nis. if
nis is enabled, a different nsswitch.conf with nis support gets copied in)
- ph, for doing lookups in our qi database
- useradd -K automatically sets up an account compliant with our global UID
system (necessary for backups, and a @#!$ good idea for kerberos).
accounts with UID < 3000 are considered local and won't kerberos
authenticate.
- rshd intentionally broken. Our operations people are really attached to
it and won't do backups for machines without it running (they like it for
admin purposes; it's not technically necessary). Unfortunately, it's evil
and makes security headaches multiply like rats in the back bay in
spring. So our version only allows connects from key operations machines.
- sendmail runs in _client_ mode by default. (duh.) Also, expn and vrfy
disabled. Considering moving to postfix.
- NOTHING enabled in inetd by default. (but we do run it anyway -- admins
expect to be able to just uncomment a line and have stuff go)
- hosts.allow/hosts.deny locked down by default (ssh allowed, that's all)
- if root runs X, a full screen message pops up explaining why that's
discouraged. (future plague of linux virii, mark my words...)
- lotsa other cosmetic and small changes
--
Matthew Miller ---> mattdm@mattdm.org
Quotes 'R' Us ---> http://quotes-r-us.org/
|
|
Message has 1 Reply:
 | | Re: NQC in Boston University Linux :)
|
| (...) yup, I installed it in /usr/local for all the dept. :) (...) bash? zsh :) (...) nod, pam is nice. (...) nog... heh, if you have to put gaim, put licq too? (unless gaim is not what I think it is...) (...) mmmm... tripwire - let's me snoop on (...) (24 years ago, 7-Apr-00, to lugnet.off-topic.geek)
|
Message is in Reply To:
| | Re: NQC in Boston University Linux :)
|
| (...) Oh man, have I ever looked at it. This release of BU Linux is actually based on RH 6.2. Major differences are: - kerberos5 support (urg. we use kerberos4, so that's more annoying than helpful) - 128 bit netscape navigator by default - includes (...) (24 years ago, 7-Apr-00, to lugnet.off-topic.geek)
|
18 Messages in This Thread:
 
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
