Fedora Server Spin
Rui Miguel Silva Seabra
rms at 1407.org
Fri Jan 12 11:00:56 UTC 2007
Sex, 2007-01-12 às 00:58 -0500, Warren Togami escreveu:
> Arthur Pemberton wrote:
> >
> > Selfishly, I would like to see:
> > * freenx/nx
> > * xfce
> >
>
> I would think that a Server spin would have either "Necessary" or
> "Typical" things. The examples above are neither, for a server at least.
>
> Perhaps it would be a good thing to come up with written guidelines to
> what belongs in Server and what doesn't?
>
> NOTE: Excluding something from Server because it is very atypical does
> not mean it is unavailable. If you want them, you can always install
> via yum after you have the system online.
FSS should, by default and if nothing else specified, install the
minimal for:
* remote access (aka ssh)
* audit
* be prepared for "yum install ..."
* no "might be useful" services installed, only people who
should know "best" should install servers, specially if
connected to the internet :)
Questions about packages that FSS could ask on interactive install:
What kind of server do you want?
[ ] Web Server
[ ] Email Server
[ ] Database Server
... (other choices, you get the gist I hope)
Inside each of those maybe some questions like:
[ ] password for X
[ ] typical configuration { A or B or ... } for Y
... (other choices, you get the gist I hope)
Configurations:
Secure by default
* no default passwords
* no service shall start automatically unless it can
have a secure default configuration
* root only by sudo, but without direct access to a
shell (for improved audit-ability)
* selinux activated
... (other choices, you get the gist I hope)
Think "OpenBSD but better" :)
Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Esta ? uma parte de mensagem assinada digitalmente
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070112/b1c34827/attachment.sig>
More information about the fedora-devel-list
mailing list