K.S. Bhaskar on 27 Aug 2015 09:53:34 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Automatic provisioning of highly secure linux environments


Coincidentally, I just ran across rlsd (http://rlsd2.dimakrasner.com/) over lunch.

-- Bhaskar

On Thu, Aug 27, 2015 at 12:15 PM, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
Depending on what exactly you want to do, Tiny Core Linux (http://tinycorelinux.net/) is worth a looksee. In the past, when I need to create robust fast-booting virtual machines, I would pair a Tiny Core (or Micro Core as it was called then - it's just Core now, and has a full Linux image under 10MB) with a hard drive image with needed extensions (when Tiny Core boots, it automatically looks for extensions in the first hard drive, and mounts each extension as a gzip'd loop device).

Regards
-- Bhaskar


On Thu, Aug 27, 2015 at 12:01 PM, Paul Walker <pjwalker76@gmail.com> wrote:
Debian!

On Thu, Aug 27, 2015 at 11:35 AM, brent timothy saner <brent.saner@gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 08/27/2015 10:58 AM, Paul Walker wrote:
> This is a pretty broad question, but there's a lot of talent on this
> list that I'd like to hear from..
>
> Assuming that I need to set up an arbitrary number of server
> environments for serving web applications and would like to create a
> repeatable (scripted), highly secure process for doing so, I'm curious
> what people's go-to tools are and especially:
>
>  • is anyone using 3rd-party / paid services that they are happy with
> that include system provisioning, monitoring, firewalls and other strong
> security measures
> • what software / frameworks do people use for deployment / provisioning
> / monitoring and security
>
> Any thoughts / feelings are greatly appreciated..
>
> Paul

Paul-

What distro?

No matter what you pick, I highly recommend iPXE (and serving the iPXE
image via vanilla PXE). The menu system supports scripting (and can even
be php-driven), making it a large win.

That aside, I ask which distro because many support this as part of
their base install methods. CentOS/RHEL (and others- I think SUSE as
well?) supports kickstart, Debian and Ubuntu support preseeding. From
there, you can execute arbitrary commands and such as part of the
install process. I can provide further information and documentation
depending on which distro you're trying to operate on.

If you'd like some interactive help with this, ping me (r00t^2) in #plug
or #sysadministrivia on Freenode IRC.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJV3y4wAAoJEIwATC+TSB9rlDEP/05ZHuI+eY98O8OHLaFqEnyV
V5xAQAGJnpLZazTIXlZlNwPJRnm7pOubNGFVis/fusgunX1j1h3Derdfopl7/LWI
R2aoTL9q7lrBnESciNINnclFYpYrXGxD3q4eda6dGGzyeR1yqoThJGKOq5neQv0U
ILXVTZbm8yPKiRySKd1Pls896tDalQ8oZj7KaL2E23I4tnUwr0ck1EQNxjUAo42X
Nx+papv4qQAC4mU98e/Ye1aVnZl8AOvsZRbnxE/kQGvsh6yvEJCynt1E2dQJEwOc
xIXaM78nalbctEGQNuNK07qobzvIAF/XC5PiK4SHOcdljGFZVVeLXdulWCVNuUl+
v9KK4lyyKlMLIFyBqUeIlz8vWFXm17crsqH8BsOviqop6DfFjN6gsmXjzX2h4l/Z
cxCCCPh+pAQ80KGLfsicYjaD/OBml9O6bUaAoR5CJ0/btuTt/3TB06IMdWnmH0IP
h5l7n+VegJxbVdg1ZyTNcbYbzkAE6c9SPf/QUzTIxlBZdvAwvXAd2D4h08wS8E9S
k6QWA2CM73ZhyyzuANycLofb/53ERWEA22H1AMzCpVjSB4fdqoCb2F8Phb+veu1w
VcafyG+9x1tkyUWAol4Wr8w4AfXpANfBThVWRy4dfa2SDz7nETkz9Uix8DY8JgAU
k77cvjNt0fyj9o+gvJ9X
=N2gz
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug