2014-06-17 15:04 GMT+02:00 Matthew Miller <mat...@fedoraproject.org>:
> I was looking at https://fedorahosted.org/fesco/ticket/1311, and it > occured > to me that we don't ship the selinux troubleshooting tools by default in > the > minimal cloud image (add 'em if you need them). We do leave _audit_ there. > > What do people think about removing it? (As noted in the ticket, it's > mostly > useful with configuration, not in the default state.) > Note that having the *userspace audit package installed* and having *audit syscall auditing enabled* are not the same thing; in fact the proposed way to disable syscall auditing *requires* the audit package. I don’t have a very strong opinion on either one from a “security” point of view. Beyond that, generally I’m not too enthusiastic about having the various products too different in configuration defaults in ways that are not obviously expected for the product in question (i.e., a “purposefully minimal” image removing packages from the default set is expected; the same image changing the syscall audit configuration is, I think, not). Mirek
-- security mailing list security@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/security
