On Wed, Jul 9, 2008 at 1:52 PM, Bill Nottingham <[EMAIL PROTECTED]> wrote:
> Ed Brown ([EMAIL PROTECTED]) said:
>> I suspect many of us would love to see a minimal, hardened installation
>> option, or version, or channel or however it might be implemented, but
>> out-of-the-gate it would substantially meet configuration 'guidelines'
>> such as <http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf>. (or
>> those from CIS, NIST, etc)
>
> We're all for sensible security by default.

I think a serious conversation about what customers perceive to be
sensible security might be a good thing. Nothing is going to fit right
for everyone. Every time I think about how many things I need to disable
and/or remove from a server I do get a little cranky. Perhaps some of us
in the community could suggest concrete examples of how we would like to
see a RHEL server installed and configured out of the box?

> Intentionally crippling the X server, removing module files shipped
> with the kernel, and claiming that RFCs enacted 12 years ago are 'new'
> and therefore scary?
>
> Not sensible.

Crippling? How about an option to avoid the X server altogether? Even
if buried in one of the default package options there is some
system-config-* package that requires it?

I think the bottom line is that unless the community can organize itself
to give some concrete guidance to Red Hat about what we really want to
see, it is unlikely to materialize.

John

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
