On 08/08/2014 08:19 AM, Gordan Bobic wrote:
On 2014-08-08 12:35, Robert Moskowitz wrote:
On 08/08/2014 06:36 AM, Gordan Bobic wrote:
On 2014-08-08 11:17, Robert Moskowitz wrote:
On 08/08/2014 02:31 AM, Gordan Bobic wrote:
On 08/08/2014 02:26 AM, Robert Moskowitz wrote:

Where is iptables? No /etc/sysconfig/iptables (or ip6tables). iptables
is running.

yum install iptables

?

Yeah, I guessed that after I vented.


But not having sshd in minimal? Strange, but then if I am mismatched
on armv then that might explain it.

The idea of the rootfs is that it is _really minimal_, and you yum
install whatever else you need after you get it up and running.

I am beginning to see how minimal it is!

It is deliberately so. The rootfs download is big as it is.

Minimal is one thing. Safe is another.  I can understand ssh not
there, kind of.  But not iptables.

Minimal takes precedence in this case.

iptables won't make any difference on a minimal image that hasn't
got any remotely accessible services listening.

Except to get additional software, and to apply updates, you TEND to
need network access and the scanners are out there.  Just my natural
paranoia.

They may be able to tell the machine exists, but that won't help
them get into it if no services are listening; unless you have
a remotely exploitable kernel bug in your IP stack - and in that
case iptables and selinux are unlikely to help you.

I was thinking this after I posted. But then the installer better get the order right in installing stuff.


I guess because security is my line of work.  Granted I design secure
communications and identity technology (I co-chaired IPsec, and am the
author of HIP), but I do think more broadly of security.

And then I had a thought and no /etc/sysconfig/selinux, meaning no selinux.

Vast majority of ARM machines ship with kernels that don't
have SELinux built in.

I will have to look into the SunXi kernel that I am using.  And see
what the F21 has.

If you are using a kernel built by Fedora/Ubuntu/Debian guys,
those probably do include SELinux (or something equivalent and
incompatible). I am talking about the kernels that manufacturers
ship with their devices (e.g. the ChromeOS kernel on the
Chromebooks).

I am working with the F19 remix which I believe was put together by Hans de Goede who has a redhat.com email addr. And it does come with selinux installed.

He is also doing the uboot work for the cubieboards. F21 already has the CubieTruck included, but for my Cubieboard2, he has provided me with the needed commands to pull down from his git repository and build the uboot until he gets it rolled in directly.

Though I am working on the F21 arm testing, it is the F19 that I will use for Redsleeve and of course CentOS 7 for arm.

So back to it for now. I have figured out how to use parted to build my card right. Next I need to work out how to tar the f19 files together so I can more easily tar them onto a new card (or drive when I get to that point). The real challenge will be working out the fstab and then the monitor/kydb.

THEN I will get back to this other stuff.


_______________________________________________
users mailing list
[email protected]
http://lists.redsleeve.org/mailman/listinfo/users
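
The point debated in this thread (a packet filter adds little while nothing is listening on a remotely reachable address) can be checked on the image itself. The following is an added example, not part of the original thread: it parses the kernel's `/proc/net/tcp` table and reports TCP sockets in LISTEN state bound to a non-loopback address. It covers IPv4 TCP only (not `/proc/net/tcp6` or UDP), assumes a little-endian host, and the embedded sample table is constructed.

```python
import ipaddress
import struct

LISTEN = "0A"  # TCP_LISTEN state code as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# sshd on 0.0.0.0:22, a mail daemon on 127.0.0.1:25, one established session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0016 0200000A:C350 01 00000000:00000000 02:000A0000 00000000     0        0 33333 2 0000000000000000 20 4 30 10 -1
"""


def decode_ipv4(hex_addr):
    """Decode the 8-hex-digit address column (native-endian word; little-endian assumed)."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(table_text):
    """Return (address, port, remotely_reachable) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # blank line, or a socket that is not listening
        addr_hex, port_hex = fields[1].split(":")
        addr = decode_ipv4(addr_hex)
        # 0.0.0.0 means "all interfaces", so it counts as reachable from the network.
        found.append((str(addr), int(port_hex, 16), not addr.is_loopback))
    return found


def remotely_reachable(table_text):
    """Listening sockets that a host on the network could connect to."""
    return [(a, p) for a, p, remote in listening_sockets(table_text) if remote]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    exposed = remotely_reachable(table)
    for addr, port in exposed:
        print(f"listening on {addr}:{port}")
    if not exposed:
        print("no IPv4 TCP service is listening on a non-loopback address")
```

An empty result on a fresh rootfs matches the "no services listening" case; it stops being true as soon as a package such as sshd is installed and started.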
