Fedora Server Spin

Horst H. von Brand vonbrand at inf.utfsm.cl
Fri Jan 12 12:40:19 UTC 2007


Rui Miguel Silva Seabra <rms at 1407.org> wrote:

[...]

> FSS should, by default and if nothing else specified, install the
> minimal for:
> 	* remote access (aka ssh)
> 	* audit
> 	* be prepared for "yum install ..."
> 	* no "might be useful" services installed, only people who
> 	  should know "best" should install servers, especially if
> 	  connected to the internet :)

Yep.

> Questions about packages that FSS could ask on interactive install:
> 	What kind of server do you want?
> 		[ ] Web Server
> 		[ ] Email Server
> 		[ ] Database Server
> 		... (other choices, you get the gist I hope)

This is mostly the selection of groups to install.

> 	Inside each of those maybe some questions like:
> 		[ ] password for X
> 		[ ] typical configuration { A or B or ... } for Y
> 		... (other choices, you get the gist I hope)

Hum... I'd go for "Installed, but disabled by default." (or whatever is the
fail-safe option, i.e. SELinux enabled, no root login except on the
console, ...) + "To set up for X do Y" type documentation here. Presumably
they know what they are doing, and their setup most probably won't fit any
"standard". Nice side effect is that it is simpler that way ;-)

> Configurations:
> 	Secure by default
> 		* no default passwords
> 		* no service shall start automatically unless it can
> 		  have a secure default configuration
> 		* root only by sudo, but without direct access to a
> 		  shell (for improved audit-ability)
> 		* selinux activated
> 		... (other choices, you get the gist I hope)

Just one option is simpler, and so harder to screw up upstream (this is
critical), and gives people time to look at the various pieces having the
full documentation (and web access, etc) at hand. This is one of my gripes
about the installation process: You have to decide on stuff without data,
and either you decide right now or you can't go on.
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile               Fax:  +56 32 2797513
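
Added example (not part of the original message, nor Fedora tooling): a shell check for two of the fail-safe defaults named in the thread, SELinux enforcing and no root login over ssh. The option names (`PermitRootLogin`, `SELINUX=`) and file formats are assumptions about a stock OpenSSH and SELinux setup, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Option names and file formats are
# assumptions (stock OpenSSH and SELinux config layouts); the thread names none.

# Print the first effective value of KEY in FILE ("Key value" or "Key=value"),
# lowercased, with comments stripped; print "unset" if KEY never appears.
# Simplification: sshd "Match" blocks are not interpreted.
effective_value() {
    awk -v key="$1" '
        { sub(/#.*/, ""); sub(/=/, " ") }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# "No root login except on the console": sshd must refuse root outright.
check_root_ssh() {
    v=$(effective_value PermitRootLogin "$1")
    case "$v" in
        no)    echo "ok" ;;
        unset) echo "unset" ;;    # outcome then depends on the sshd build default
        *)     echo "fail:$v" ;;  # yes, prohibit-password, ... still let root in
    esac
}

# "SELinux enabled": only enforcing mode blocks; permissive merely logs.
check_selinux() {
    v=$(effective_value SELINUX "$1")
    case "$v" in
        enforcing) echo "ok" ;;
        *)         echo "fail:$v" ;;
    esac
}

# Constructed sample configs: one hardened, one left in a weaker state.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# constructed' 'Port 22' 'PermitRootLogin no' > "$tmp/sshd_good"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin=Yes # temp' > "$tmp/sshd_bad"
printf '%s\n' 'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$tmp/se_good"
printf '%s\n' 'SELINUXTYPE=targeted' 'SELINUX=permissive' > "$tmp/se_bad"

for f in sshd_good sshd_bad; do echo "$f: $(check_root_ssh "$tmp/$f")"; done
for f in se_good se_bad;     do echo "$f: $(check_selinux "$tmp/$f")"; done
```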



