Re: Secure Kickstart Installation

• Previous message: Jon Hart: "Re: Secure Kickstart Installation"
• In reply to: Mathieu KRETCHNER: "Re: Secure Kickstart Installation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Mathieu KRETCHNER <m.kretchner@siig.u-bordeaux.fr>
Date: Fri, 27 May 2005 05:01:29 +0100

Sorry, but that's not a good idea from a security standpoint. It goes
against basic security practises. This is a security list, right?
It means that if there are any vulnerabilities in any of the packages
(and that happens often enough) you should upgrade all the machines
(even though they may never use the software in question), not to
mention the bugs for which there is not fix available.
Now, when it comes to RHEL 3 (or most Linux distros for that matter),
there are far too many packages and services that are installed by
default, even with a minimal install. I still can't figure out why I
would need a minimum of 600MB of disk space to install a bare system
with vi... (especially when Slackware or DSL allows you to have a system
with a desktop under 50MB)

Antoine

On Wed, 2005-05-25 at 10:02 +0200, Mathieu KRETCHNER wrote:
> Hi,
>
> Me and my team have installed approximativly all the packages. But we
> have choosen to configure only services that we need. So we can add
> services withtout new installation !
> For my own it's a political choice.
>
> Regards.
>
>
> Jennifer Fountain a écrit :
>
> >Hi all:
> >
> >I am looking to create a secure standard kickstart configuration file
> >for my RHEL 3 servers. Right now, I am currently looking into what
> >packages I need to install. I want to ensure I install everything I
> >need but not install what isn't needed. Could anyone share with me
> >their package list? Or a copy of their std secure ks?
> >
> >Thanks in advance!
> >
> >Kind Regards,
> >
> >Jennifer Fountain
> >Systems Administrator/Security
> >R&B Distribution
> >3400 E Walnut Street
> >Colmar, PA 18915
> >
> >.
> >
> >
> >
>

• Previous message: Jon Hart: "Re: Secure Kickstart Installation"
• In reply to: Mathieu KRETCHNER: "Re: Secure Kickstart Installation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: zero install - serious critiques? ... no security updates or whatever I guess ... > whole os if they zero install some malware since the zero install ... "APT relies on a database to keep track of what's installed and what ... Some packages have been ... (Debian-User) Re: New user Q: Best way to stay up to date on "testing"? ... > understand the entire Debian environment and need a little advise. ... > I was reading the security FAQ and am somewhat alarmed to find (if I ... > packages, most of which seem to be related to X (we won't ever be using X ... Only install the packages that your really need to have. ... (Debian-User) FS: Complete Linux Recording Package Ready To Roll. ... How to install Rehmudi-2.0 ... if you don't have any sound, ... dependencies of Agnula Packages ... ... from the new kernel. ... (comp.os.linux.misc) Re: Complete Linux Recording Package Ready To Roll. ... How to install Rehmudi-2.0 ... if you don't have any sound, ... dependencies of Agnula Packages ... ... from the new kernel. ... (comp.os.linux.misc) Which debian sources to use to install to Knoppix 4.0.2? ... running into a problem when I install software to version 4.0.2 that I ... Check out the list of extra packages to be installed, ... akregator ark cupsys cupsys-bsd cupsys-client gcc-4.0-base gs-common ... kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh kdf ... (comp.os.linux.misc)