On Thursday 10 July 2008 14:53:14 Stephen John Smoogen wrote: > >> - removing module files shipped with the kernel to disable features, > >> which is an impressively hacky and bad way to do it (Maintaining lists > >> of modules to remove sounds like so much fun.) > > > > There is no other way of ensuring wireless cannot be used. This is > > definitely hacky and I've asked for this to be made better. rm -rf is not > > acceptable as a long term solution. > > I thought I eard that a group had come up with a stopper-module for > the kernel.
I'd like a link to that to check it out. If its a kernel module is it upstreamed? > You add it and you can't remove it or add anything else > afterwords.. I think that is what one site was doing to stop the > wireless installation. > > >> - decries IPv6 as being new and untested, when it predates the existence > >> of RHEL by 5+ years (and is actually pushed to be default in > >> RHEL by... government standard. ;) ) > > > > The problem is that many places do not need it. So, going with the theory > > of get rid of what you don't need - we have to show people how to disable > > it if not needed. If you had it disabled back when that IPv6 kernel flaw > > came along last year, you didn't have as much to worry about. This is > > what its all about. > > When I was talking with STIG people a year or so ago.. they were split > on it. They had a mandate to have as much of the guides done for IPv6 > with people saying the backbone was going 100%ipv6 by 2010, and then > you had to make sure it was done securely. The govt is big. What .mil does may or may not have anything to do with what .gov does. They may switch to IPv6, but all the front facing website and desktop systems of workers inside the civilian part of the govt may be IPv4 for a while. The NSA guidance is for all branches. It says how to configure if needed and how to disable if not needed. (Although the instructions for disabling are wrong and need fixing.) -Steve _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
