Hi,

At the moment I got the task to build a firewall using Linux. As I have been using Debian for my desktop system for over a year, I want to use it for the firewall-basic-system, too. But I have 2 problems:

1. I need an automated installation of the system. It is important that the installation of the firewall can be done in less than an hour because the system will be installed on a large number of computers. I will make .deb's for every piece of additional software that I'm going to compile, configure or install. Therefore I need something like RedHat's kickstart installation. Most of the options specified during the install would get the same values for every install (only the hard disk sizes, the ethernet modules to load and the network configuration would differ). Is there any way to do this with the Debian installer?

2. I need something to verify the system. I know it can be done with tripwire or something equal, but what I really want is to do it with dpkg (I'm thinking of "rpm -Va"). Please correct me if I'm wrong, but as far as I know the PGP signatures for the .deb's are not included in the files, they are in the .dsc's. The Packages.gz only provides the MD5 sums. What I want is to check every file installed by a package for its size, date, MD5 and so on (as "rpm -Va" does). I know of a package named "dpkgcert" that should do the trick, but it's only a proposal (according to its - possibly outdated - documentation). Can I do it with dpkg's database or do I have to use tripwire (which is far too slow to run daily on a heavy-duty firewall)?

In the last 2 months I installed and tested Debian and RedHat on my desktop machine and now I have decided to use Debian, when I'm able to solve the mentioned problems. This decision was mainly influenced by Debian's flexibility and - more important - bullet-proof stability. RedHat is far away from Debian's stability during run- and upgrade-time. I also like how dpkg is able to handle whole system upgrades. But there are also a few points that rpm does better than dpkg: I like the system verification and I think it's easier to build rpm's than deb's (although I only read about doing it and never built any of them for myself). I also do not know if dpkg-source-packages can take more than one patch to be applied to the original source.

Please let me know if anybody has an idea on how to solve the problems.

Thanks
Rene
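
Added example, not part of the original post: a sketch of the "rpm -Va"-style check from point 2, limited to content hashes. It assumes a package ships a per-file MD5 list in md5sum format (`<hex>  <relative path>`), as dpkg stores under /var/lib/dpkg/info/<package>.md5sums for packages that provide one; the function names and the sample files are this example's own, and size, date and permissions are not checked.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Yield (md5_hex, relative_path) from md5sum-style lines: '<hex>  <path>'."""
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, rel = line.partition("  ")
        if len(digest) != 32 or not rel:
            raise ValueError(f"malformed md5sums line: {line!r}")
        yield digest.lower(), rel

def file_md5(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_list(md5sums_text, root="/"):
    """Return {relative_path: 'missing' | 'modified'} for entries that fail."""
    findings = {}
    for digest, rel in parse_md5sums(md5sums_text):
        path = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(path):
            findings[rel] = "missing"
        elif file_md5(path) != digest:
            findings[rel] = "modified"
    return findings

def demo():
    """Constructed sample: a throwaway root with one intact, one altered, one deleted file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/sbin"))
        files = {"usr/sbin/fwd": b"original\n", "usr/sbin/fwctl": b"tool\n",
                 "usr/sbin/gone": b"x\n"}
        lines = []
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            lines.append(f"{hashlib.md5(data).hexdigest()}  {rel}")
        with open(os.path.join(root, "usr/sbin/fwd"), "ab") as f:
            f.write(b"changed after install\n")   # simulate a modified binary
        os.remove(os.path.join(root, "usr/sbin/gone"))
        return verify_list("\n".join(lines) + "\n", root)

if __name__ == "__main__":
    print(demo())
```

The hash list sits on the same disk as the files it describes, so the result is only as trustworthy as that list; comparing against a copy kept off the firewall or on read-only media closes that gap.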