On Mon, Apr 12, 2010 at 04:55:44PM -0500, Harrison, Jonathan wrote: > > What packages need to be removed from an installation to make sure > that packages cannot be compiled on the system? Obviously gcc is > one, but what others? I am going to have a system dedicated to > building packages for all of the other systems. > > Is this an exercised best practice?
Other than the development packages mentioned by others, if you want to make a system unable to build RPM packages, get rid of the 'rpm-build' package. Is this a best practice? I've heard the argument that one should get rid of compilers on servers for system security. Also, any additional packages on a system adds to the number of possible vectors of attack. -- Jonathan Billings <[email protected]> College of Engineering - CAEN - Unix and Linux Support _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
