Fedora Security Minded Install
How would you automate a Fedora install geared for security?
|
just install the current version
|
What sort of Fedora installation? A default installation allows root access to SSH, and also allows (or used to--I haven't done a default installation in awhile), any user to update a signed package without authentication.
A minimal installation still has root access to ssh, but doesn't have PackageKit, eliminating that updating thing I mentioned. For general security though, you are usually alright if you have a reasonably strong password. If you're running servers that are reachable through the Internet, you should take further precautions. |
Quote:
https://www.redhat.com/products/ente...rhn-satellite/ |
well on a server YES invest in RHEL
fedora has no business being installed on a production server home use the fedora default is fine for most the fedora docs http://docs.fedoraproject.org/en-US/...ide/index.html and http://docs.fedoraproject.org/en-US/...icy/index.html slightly old http://www.techradar.com/us/news/sof...-system-915651 |
who said anything about putting fedora as a server? the OP asked about
Quote:
There are free, as in beer, clones of Satellite that could be used too. |
I have an idea that might work - kickstart. There is an option to add a post install script in a set environment. You can use bash interpreter and make required security changes as needed (disable root access, change port number, pubkey auth only, etc for ssh, for example) using this script.
This would make it convenient to install many different machines with identical security profiles. I have never tried this - just an idea! Hope this helps. |
All times are GMT -5. The time now is 02:09 PM. |