Re: Secure Kickstart Installation

lists_at_hostinthebox.net
Date: 05/24/05

  • Next message: Mathieu KRETCHNER: "Re: Secure Kickstart Installation" 
    Date: Tue, 24 May 2005 11:58:16 -0700
To: Jennifer Fountain <jfountain@rbinc.com>, focus-linux@securityfocus.com

    Jennifer Fountain wrote:
    > Hi all:
    >
    > I am looking to create a secure standard kickstart configuration file
    > for my RHEL 3 servers. Right now, I am currently looking into what
    > packages I need to install. I want to ensure I install everything I
    > need but not install what isn't needed. Could anyone share with me
    > their package list? Or a copy of their std secure ks?
    >
    > Thanks in advance!
    >

    Jennifer -

    Check out the kickstart-list@redhat.com list for more tips - but I ended
    up taking a comps.xml file from a FC3 install and edited it to my
    tastes. I modified @base and @core to only include what I thought I
    needed, then added individual packages afterwards.

    Unfortunately, I'm on the road, and none of this info is with me at the
    moment. However, if you take a look at the ...base/comps.xml file for
    pointers, you'll see exactly what I'm talking about.

    Hope that helps
    -dant

  • Next message: Mathieu KRETCHNER: "Re: Secure Kickstart Installation"

    Relevant Pages

    • Re: OT: Whats the deal with Ubuntu?
      ... > would flow from Fedora to others. ... without a destructive installation, ... > backporting may not be suitable for servers anyway. ... > If you are interested in helping out, working out the packages ...
      (Fedora)
    • Re: build packages recursively from ports collection
      ... > I want to use some of our freebsd servers to build .tgz binaries from the ... I would like to install the packages with pkg_add on ... > My main problem is how to build packages on servers without installing them! ... > install the packages with pkg_add on different workstations. ...
      (freebsd-questions)
    • Re: lp service not reading ~/.printers
      ... > servers. ... > Recently I manually removed the Sun Studio 8 install ... > by removing all the SPRO* packages. ... If the print queue was defined on your system in /etc/printers.conf, ...
      (comp.unix.solaris)
    • Re: minimizing downtime on upgrades? (for example: mysql 4.1 -> 5.0 or php)
      ... We go to extra lengths and allow only pkg installs on servers. ... that no random library pollution takes place. ... A good way would be to test this very update with packages on a test ... That is, install mysql4, produce your mysql5 packages somewhere ...
      (freebsd-stable)
    • Re: Secure Kickstart Installation
      ... but that's not a good idea from a security standpoint. ... It means that if there are any vulnerabilities in any of the packages ... even with a minimal install. ... >>I am looking to create a secure standard kickstart configuration file ...
      (Focus-Linux)