On 2014-08-08 11:17, Robert Moskowitz wrote:
On 08/08/2014 02:31 AM, Gordan Bobic wrote:
On 08/08/2014 02:26 AM, Robert Moskowitz wrote:
Where is iptables? No /etc/sysconfig/iptables (or ip6tables).
iptables is running.
yum install iptables?
Yeah, I guessed that after I vented.
But not having sshd in minimal? Strange, but then if I am mismatched
on armv then that might explain it.
The idea of the rootfs is that it is _really minimal_, and you yum
install whatever else you need after you get it up and running.
I am beginning to see how minimal it is!
It is deliberately so. The rootfs download is big as it is.
Minimal is one thing. Safe is another. I can understand ssh not
there, kind of. But not iptables.
Minimal takes precedence in this case.
iptables won't make any difference on a minimal image that hasn't
got any remotely accessible services listening.
I guess because security is my line of work. Granted I design secure
communications and identity technology (I co-chaired IPsec, and am the
author of HIP), but I do think more broadly of security.
And then I had a thought and no /etc/sysconfig/selinux, meaning no
selinux.
Vast majority of ARM machines ship with kernels that don't
have SELinux built in.
yum install selinux-policy
Additionally, on underpowered hardware like most ARMs are, the
performance hit of SELinux is very non-negligible.
It is one thing to have the root password root at install. It is
another thing not to have the security software in place. At least
say that http://wiki.redsleeve.org/index.php/RootFS
Fair enough, I'll look into adding that bit of info tonight.
Gordan