|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] minimization of RH-based Linux server config post-install?
|
On Wed, Oct 18, 2006 at 11:54:46AM -0400, bergman@merctech.com wrote:
> I'm looking for suggestions for minimizing an installed OS
Some heuristics based on my RHEL experience:
Default installation gives you a decent default iptables configuration, and
you can even poke an SSH hole in the standard installation. However, I
tighten iptables to only allow selective systems to access specific services.
You'll want to chkconfig off anything you don't need (for some reason they
think every system has PCMCIA and IRDA and will use NFS). For each service,
turn it off, see if your application breaks, if so turn it back on.
Set up a password for single-user access if that's your thing.
/etc/inittab --> su:S:wait:/sbin/sulogin /dev/console
/boot/grub/grub.conf --> encrypted password
BIOS --> password protect, control bootup sequence
Physical --> lock system
If you're going to uninstall, RPM lets you know what's dependent on what
else. Just start removing things via rpm and it'll tell you what else you
need to remove. The YUM package management with Scientific Linux will allow
you to install or uninstall entire groups of RPMs using Package Groups (a la
the installer), e.g.
"yum groupremove 'X Window System'"
Dan W.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|