On 2014-08-08 12:35, Robert Moskowitz wrote:
On 08/08/2014 06:36 AM, Gordan Bobic wrote:
On 2014-08-08 11:17, Robert Moskowitz wrote:
On 08/08/2014 02:31 AM, Gordan Bobic wrote:
On 08/08/2014 02:26 AM, Robert Moskowitz wrote:
Where is iptables? No /etc/sysconfig/iptables (or ip6tables).
iptables is running.
yum install iptables ?
Yeah, I guessed that after I vented.
But not having sshd in minimal? Strange, but then if I am mismatched
on armv then that might explain it.
The idea of the rootfs is that it is _really minimal_, and you yum
install whatever else you need after you get it up and running.
I am beginning to see how minimal it is!
It is deliberately so. The rootfs download is big as it is.
Minimal is one thing. Safe is another. I can understand ssh not
there, kind of. But not iptables.
Minimal takes precedence in this case.
iptables won't make any difference on a minimal image that hasn't
got any remotely accessible services listening.
Except to get additional software, and to apply updates, you TEND to
need network access and the scanners are out there. Just my natural
paranoia.
They may be able to tell the machine exists, but that won't help
them get into it if no services are listening; unless you have
a remotely exploitable kernel bug in your IP stack - and in that
case iptables and selinux are unlikely to help you.
I guess because security is my line of work. Granted I design secure
communications and identity technology (I co-chaired IPsec, and am the
author of HIP), but I do think more broadly of security.
And then I had a thought and no /etc/sysconfig/selinux, meaning no
selinux.
Vast majority of ARM machines ship with kernels that don't
have SELinux built in.
I will have to look into the SunXi kernel that I am using. And see
what the F21 has.
If you are using a kernel built by Fedora/Ubuntu/Debian guys,
those probably do include SELinux (or something equivalent and
incompatible). I am talking about the kernels that manufacturers
ship with their devices (e.g. the ChromeOS kernel on the
Chromebooks).
Gordan
_______________________________________________
users mailing list
[email protected]
http://lists.redsleeve.org/mailman/listinfo/users
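
An added example, not part of the thread: one way to check the point argued above, whether anything is listening on a non-loopback address, by reading the kernel's /proc/net/tcp table. It assumes a little-endian Linux kernel and covers IPv4 only (/proc/net/tcp6 is not parsed); the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Report TCP sockets in LISTEN state bound to a non-loopback IPv4 address.
# Input: text in /proc/net/tcp format on stdin.
# Output: one "a.b.c.d:port" line per remotely reachable listener.
remote_listeners() {
    while read -r sl laddr raddr st rest; do
        # State 0A is TCP_LISTEN; the header row and other states are skipped.
        if [ "$st" != "0A" ]; then continue; fi
        ip="${laddr%%:*}"
        port="${laddr##*:}"
        # The address is a 32-bit value printed in host byte order, so on a
        # little-endian kernel (assumed here) the LAST hex pair is the first octet.
        o1="${ip#??????}"
        t="${ip#????}";  o2="${t%??}"
        t="${ip%????}";  o3="${t#??}"
        o4="${ip%??????}"
        # 127.0.0.0/8 is loopback: not reachable from the network.
        if [ "$o1" = "7F" ]; then continue; fi
        printf '%d.%d.%d.%d:%d\n' "0x$o1" "0x$o2" "0x$o3" "0x$o4" "0x$port"
    done
    return 0
}

# Constructed sample table (not captured from a real host):
#   row 0: 0.0.0.0:22 listening     -> exposed
#   row 1: 127.0.0.1:25 listening   -> loopback only
#   row 2: 192.168.1.10:22 established connection, not a listener
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:0016 0101A8C0:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
EOF
}

# Demonstration on the constructed sample; on a real system run
#   remote_listeners < /proc/net/tcp
sample_table | remote_listeners
```

Empty output from `remote_listeners < /proc/net/tcp` means no IPv4 TCP service is reachable from the network; UDP and IPv6 sockets need the same check against their own /proc/net tables.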