Removing System Consoles from Fedora

Rick Stevens ricks at nerd.com
Tue Sep 16 17:20:06 UTC 2008


Lyvim Xaphir wrote:
> On Tue, 2008-09-16 at 09:34 -0430, Patrick O'Callaghan wrote:
>> On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
>>> As I said...I don't agree with it...I'm just saying that I understand
>>> the thinking behind it.
>> Sorry, but I think you don't. You might want to read Alan Cox's message
>> on the fedora-test list:
>> https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html
>> which indicates that the motivation is much more to do with cleaning up
>> code and APIs. In fact security isn't mentioned.
>>
>> poc
>>
> 
> 
> It's still a stupid idea.  There's no good reason to get rid of the vt
> consoles; they've been there for a very long time on rh, I use them all
> the time.  As do a lot of other people.  As one other user pointed out
> on the link that *you provided, the lack of vt consoles is the number
> one problem with another distro, according to its users.

There are reasons for disabling consoles, however the term "good" is
subjective.  For example, PCI compliance says that you must render the
machines as physically difficult to get into as you can.  We, for
example, do the following:

1. Machines do not have X installed and boot to run level 3
2. /etc/inittab modified to NOT spawn gettys on the VTs
3. /etc/inittab spawns serial port getty connected to a serial KVM
4. grub configured to also use the serial port for its console

This is in addition to them being in a cage with a deadbolt lock on the
door, and the cage being in a data center with physical access
restrictions, cardkey access and video surveillance.  Yes, it's a bit
onerous, but it is required.  Whether you think they're "good reasons"
is irrelevant.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                       rps2 at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-  Any sufficiently advanced technology is indistinguishable from a  -
-                              rigged demo.                          -
----------------------------------------------------------------------
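
The four steps listed in the message, written as an audit script (an added example, not part of the original post). It assumes a SysV-style /etc/inittab and a GRUB legacy grub.conf; the function names and the sample files are constructed here for illustration.

```shell
#!/bin/sh
# Added example: audit a SysV-style inittab and a GRUB legacy grub.conf
# against the four steps in the message. Formats and samples are assumptions.

fails=0
check() {  # check <description> <command...>: run the command, record result
    desc=$1; shift
    if "$@"; then echo "PASS: $desc"
    else echo "FAIL: $desc"; fails=$((fails + 1)); fi
}
has()   { grep -Eq "$1" "$2"; }     # file contains a line matching the regex
lacks() { ! grep -Eq "$1" "$2"; }   # file has no line matching the regex
grub_serial() {  # GRUB defines a serial device and uses it as a terminal
    has '^[[:space:]]*serial[[:space:]]' "$1" &&
    has '^[[:space:]]*terminal[[:space:]].*serial' "$1"
}

# audit_console <inittab> <grub.conf>; status 0 only if every check passes
audit_console() {
    fails=0
    check "step 1: default runlevel is 3" has '^id:3:initdefault:' "$1"
    check "step 2: no getty on virtual terminals" \
        lacks '^[^#:]+:[^:]*:[^:]*:.*getty.*[[:space:]]tty[0-9]' "$1"
    check "step 3: respawning getty on a serial line" \
        has '^[^#:]+:[^:]*:respawn:.*getty.*ttyS[0-9]' "$1"
    check "step 4: grub console on serial port" grub_serial "$2"
    [ "$fails" -eq 0 ]
}

# Constructed sample files in the hardened state the message describes.
write_samples() {
    cat > "$1/inittab" <<'EOF'
id:3:initdefault:
#1:2345:respawn:/sbin/mingetty tty1
#2:2345:respawn:/sbin/mingetty tty2
S0:2345:respawn:/sbin/agetty -L 9600 ttyS0 vt100
EOF
    cat > "$1/grub.conf" <<'EOF'
serial --unit=0 --speed=9600
terminal --timeout=5 serial console
title Linux (sample)
    kernel /vmlinuz ro root=LABEL=/
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
audit_console "$demo/inittab" "$demo/grub.conf" || echo "$fails check(s) failed"
rm -rf "$demo"
```

Commented-out getty lines are ignored, so a VT entry that was disabled by prefixing `#` counts as removed.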



