LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-03-2011, 11:21 AM   #1
idlehands
Member
 
Registered: Mar 2010
Distribution: zLinux, RHEL, Ubuntu, SUSE
Posts: 50

Rep: Reputation: 16
Minimal RHEL 6


I'm playing around with the RHEL 6 install so as to create a minimal install image to be used as a generic node for a cloud. I posted this in the security section as reducing the number of services etc seems like a security activity, i.e. reducing the running processes to minimize the attack surface.

Anyways, looking through linux from scratch etc, and the NSA hardening list I'm a bit overwhelmed. Anyone have hints on any good documentation saying what is really needed for a basic system with network/ip/arp/eb rules?
The RHEL 6 minimal basic puts in a c/c++ compiler along with other things. that seems unnecessary to me for a basic minimal install.
 
Old 05-03-2011, 11:29 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
The minimal install doesn't install a compiler at all... Are you looking at libgcc?? That's not gcc itself but shared libraries for error handling etc. if you are not installing Base then there are only 200 packages all in. Admittedly my just built system does have 810mb used, but still not installing X or compilers or anythign like that.
 
Old 05-03-2011, 10:03 PM   #3
rhbegin
Member
 
Registered: Oct 2003
Location: Arkansas, NWA
Distribution: Fedora/CentOS/SL6
Posts: 381

Rep: Reputation: 23
In our VMware vSphere 4.1 environment with RHEL6 I have to install the gcc compilers due to the vmware-tools install.

I would prefer not to since it adds possible security areas, however I do not install X windows components and I turn off unneeded services.

I have found running RHEL6 vm's x86_64 they boot extremely fast and they perform better in performance compared to RHEL5.

I really like RHEL6 x86_64, I always go with 64-bit because of the memory and it seems to run better than 32-bit.

Some of the locations are different, I am going to take my RHCE renewal in 6 I am waiting on the book from Michael Jang to come out.

I have ran into one problem with apache virtual domains with logging, I leave SELinux enabled and this is not the problem. When I setup
the /var/www/virtual/domain_name (when I create my logging to rotate in this directory) the logs are rotating but not archiving.

I may have to ask Red Hat to see what is different, in RHEL5 it worked perfectly.
 
Old 05-04-2011, 02:15 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
One thing I absolutely will criticise about the rhel6 core build... 227 packages and one of them is ivtv-firmware?? wtf is it installed firmware for a tv card?? All I'm currently doing in our base kickstart is adding in ruby and puppet and then removing everything with "firmware" in the title, nothing else at all as puppet can fine tune that later on. It's a pretty good base system then.
 
Old 05-04-2011, 08:02 AM   #5
rhbegin
Member
 
Registered: Oct 2003
Location: Arkansas, NWA
Distribution: Fedora/CentOS/SL6
Posts: 381

Rep: Reputation: 23
Quote:
Originally Posted by acid_kewpie View Post
One thing I absolutely will criticise about the rhel6 core build... 227 packages and one of them is ivtv-firmware?? wtf is it installed firmware for a tv card?? All I'm currently doing in our base kickstart is adding in ruby and puppet and then removing everything with "firmware" in the title, nothing else at all as puppet can fine tune that later on. It's a pretty good base system then.
I agree, like in RHEL5 or the free distro with Red Hat stripped out CentOS5, services like bluetooth, cpuspeed, and I can list several others are 'turned on' by default.

I have a list of services to stop/turn_off in a txt file, I do on the front-end.

One thing with RHEL6 is the PHP5 version that is from the channel, I am building a new VM with CMS Made Simple 1.9 I believe and using RHEL6 x86_64 I hope it goes ok...

I set this up for another customer (I work at an ISP), however this one I need to have the administration log-in https and the normal http of course on port 80.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL 6 Wont Perform a Minimal Install carlosinfl Red Hat 5 01-06-2011 09:18 AM
RHEL 5.3 minimal install tom_sawyer70 Red Hat 4 07-06-2009 09:34 AM
RHEL 5 - choosing packages for a minimal embedded system lqcaveman Linux - Newbie 1 05-06-2009 03:24 PM
Login problems with XDMCP from a pre-RHEL-4 client to a RHEL-4 server running KDE cspao Red Hat 0 07-21-2006 07:30 AM
Java 1.4.2.X on RHEL 3 Minimal install ajwynn Red Hat 0 04-26-2005 06:41 PM


All times are GMT -5. The time now is 08:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration