Mailinglist Archive: opensuse-factory (297 mails)
Re: [opensuse-factory] Making the basesystem smaller
- From: "Gaël Lams" <lamsgael@xxxxxxxxx>
- Date: Mon, 22 Jan 2007 13:35:35 +0100
- Message-id: <b93ea24d0701220435n173e22c1l7e0a7bdb4b51a5db@xxxxxxxxxxxxxx>
Here's a proposal for a "Definition Base System":
Multiuser system with:
* Local login (via /etc/passwd)
* network setup via ethernet
* default filesystems used (ext3) directly (without evms, lvm,
mdraid etc)
* no services running by default
My questions for discussion are especially the following:
* What do you think of this? Do you have better ideas?
* Is the "base system definition" ok? What's missing - or is it still
too much or should it be made clearer?
I think it's a great idea (and I hope that it's something that will
then be applied to the SLES version :-)
I like the idea of having no services running by default. In fact I
would see this base system as a system more secure by default.
For instance I would add the removal of various users in /etc/passwd
that should be added only when you install the relevant packages (lp,
news, ....)
Maybe, instead of modifying the base system (which could maybe confuse
users), a "minimal system" pattern could be created. Regarding what
should be included in this minimal pattern, I would be minimalist,
even if it would mean for me to have to install a few packages once
the installation is finished: it's always more dangerous to remove
packages and users than to add them (the first version of my hardening
script used to remove the news user and the relevant folders in /var,
creating a problem in syslog-ng because it was trying to set
permissions on folders that no longer existed).
For instance, in a minimal system, I would have only one software "per
category". For instance only one shell. As to which software to
choose, I imagine that it will be impossible to make everyone happy
but as I said above, I prefer to have something to add than something
to remove.
Your suggestions (Local login (via /etc/passwd), network setup via
ethernet, default filesystems used (ext3) directly (without evms, lvm,
mdraid etc), no services running by default) really make sense to me.
Obviously, only the relevant yast packages should be included.
Kind regards,
Gaël