Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <1e47c493458092b08701178d3a988b6f@pricom.com.au>
Date: Sat, 04 Jul 2020 22:56:58 +1000
From: Philip Rhoades <phil@...com.com.au>
To: owl-users@...ts.openwall.com
Cc: Solar Designer <solar@...nwall.com>
Subject: Re: First post - OWL looks really nice! - Q1

Alexander,

Thanks for the response! - see inline comments:


On 2020-07-04 22:40, Solar Designer wrote:
> Hi Philip,
> 
> It is surprising to see renewed interest in Owl now that the project 
> has
> been on hold for a few years.  I guess this might be related to the
> recent LinuxSecurity article, which I also found surprising, weird, and
> in some places factually wrong:
> 
> https://linuxsecurity.com/features/features/7-best-linux-distros-for-security-and-privacy-in-2020
> 
> For example, I use QubesOS, but I think (and heard Joanna say so) its
> reason to exist and its strongest side is the integration between VMs,
> which the article doesn't even mention.  For Owl, I appreciate them
> acknowledging its influence, and I agree this is what's great about it,
> but much of the rest is factually wrong (e.g. we don't use SELinux) and
> I wouldn't recommend an on-hold project for new users except in some
> special cases (education, intent to take code or ideas from Owl, etc.)
> The article also confuses Owl the distro (which is on hold) with the
> rest of what we offer at Openwall (active projects and services).
> 
> I don't know if this article is what brought you to here, but I guess 
> it
> might have.


No but I will have a look at the article.  I was actually looking for a 
non-systemd Fedora-based distro and OWL was the only one result found 
by:

   https://distrowatch.com


> On Sat, Jul 04, 2020 at 11:19:07AM +1000, Philip Rhoades wrote:
>> OK, I have made a little progress - this my current OWL VM ifcfg-eth0:
>> 
>> DEVICE=eth0
>> BOOTPROTO=static
>> IPADDR=192.168.122.206
>> NETMASK=255.255.255.0
>> NETWORK=192.168.122.0
>> BROADCAST=192.168.122.255
>> GATEWAY=192.168.122.1
>> DNS1=192.168.122.1
>> 
>> and this allows me to ping and ssh into it from my F31 workstation but 
>> I
>> still can't ping anything from it . . what am I missing?
> 
> You were correct that you needed to provide static network
> configuration.  This is because Owl is primarily for servers.
> 
> You're probably still missing configuration on your F31 host, where
> you'd need to enable IPv4 forwarding and IP masquerading for traffic
> from these addresses leaving your host.


Right - usually when I use the same version of Fedora for the VM as on 
the host for eg - all that networking is done automatically when the VM 
is created - I will look a bit more closely . .


>> On 2020-07-04 03:10, Philip Rhoades wrote:
>> >I am also interested in using OWL for podman containers - I presume
>> >there will also be a networking issue there too?
> 
> We use OpenVZ containers in Owl, not podman.  I doubt you'd be able to
> easily use podman on Owl.


I am talking about the other way around OWL as the container on the F31 
host - it would be a very nice minimal container . .


> Yes, indeed you need proper network configuration on Owl and on the 
> host
> with the Owl VM for networking from containers on Owl to work.


I am guessing that the networking is still going to be an issue . . I 
will get to that later.

I was really impressed with a Fedora-based iso being so small and fast! 
- it would be nice to see how all of that was accomplished but I am 
busier in retirement (on mostly non-profit stuff) than when I was 
employed . .

Thanks for the feedback!

Regards,

Phil.
-- 
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  phil@...com.com.au

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.