I am working to create a new base image for our RHEL5 setups, and I wanted to make sure we are creating a functional, but secure, image. Can anyone point me to some writeup's that might provide some illumination on this potentially daunting task? Basically, I'm concerned about what packages are okay, which should be avoided, and what other caveats that I might not think of when putting this together.

kind of a open question. what do you want the system to do? ex webserver, ldap, vpn, toaster oven?

Hi Laggerific,

As a base without any particular application support you could try:

%packages
@text-internet
@core
@base
device-mapper-multipath
postfix
screen
ntp
compat-libstdc++-33
compat-glibc
vim-enhanced
kexec-tools
openldap-clients
xinetd
strace
sharutils
yum-utils
#------------------------------
-rp-pppoe
-pcmciautils
-bluez-gnome
-bluez-libs
-bluez-utils
-irda-utils
-sendmail
-rsh
-rdate
-ypbind
-yp-tools
-fetchmail
-crash
-autofs
-firstboot-tui
-tcsh
-mtools
-talk
-ifd-egate
-coolkey
-esc
-alacarte
-synaptics
-pcsc-lite
-ccid
-Deployment_Guide-en-US
-pirut
-rmt
-dump


cheers,

kbp

Thanks...I apologize for the broad request. I guess, I was looking for helpful links to information on common pitfalls in creating a secure generic redhat image, and linux image creation best practices.

kbp, thank you, that looks like a good start to begin messing around with.

There is good advice here: http://www.linuxtopia.org/online_boo...ion/index.html .
You might also want to get this moved to the security forum; use the report button.

I was pondering that when I created this. Will do. Thanks for the link, though.

Could you try to define "secure" or describe the reasons for needing it? Anything that could give use a clue?
// BTW as you've seen I've moved your thread.