Ed Brown ([EMAIL PROTECTED]) said: > I suspect many of us would love to see a minimal, hardened installation > option, or version, or channel or however it might be implemented, but > out-of-the-gate it would substantially meet configuration 'guidelines' > such as <http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf>. (or > those from CIS, NIST, etc)
We're all for sensible security by default. Intentionally crippling the X server, removing module files shipped with the kernel, and claiming that RFCs enacted 12 years ago are 'new' and therefore scary? Not sensible. > As an aside, I'd also like to see expanded RedHat involvement with the > guideline developers, so there's less bad or arbitrary advice in them, > or recommendations that directly contradict RedHat documentation. It would be nice, but my experience has been that people who spend their time 'consulting' about things get upset when you tell them that their snake oil is filled with crack. Bill _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
