About this list Date view Thread view Subject view Author view Attachment view

From: Eje Gustafsson (Macahan_at_fament.com)
Date: Mon 20 Jan 2003 - 08:19:44 GMT

AS> Sorry for being a bit annoying about this.
AS> First of all, I want to ask if the following packages are really of a
AS> base rh system requirements:

These are required unless you don't want ssh and initscript. I'm also
almost positive that you can NOT get a install WITHOUT initscript.

>> cyrus-sasl-2.1.7-2.i386.rpm
>> cyrus-sasl-md5-2.1.7-2.i386.rpm

Both these are required by openldap.

>> openldap-2.0.25-1.i386.rpm

This one has libs that are required by libuser.
libuser is required by passwd

So I guess if you do not need passwd then you can skip the above
packages. But to save the space not installing these packages (aprox
1MB rpm size) is in my opinion outweighted by the hassle not to have

AS> Next, I wonder if the following packages are useful in vserver enviroment, please comment:

>> iproute-2.4.7-5.i386.rpm
>> iputils-20020124-8.i386.rpm

I think these are required by initscript. Actually ip and arping in
perticular is required by initscript

"The initscripts package contains the basic system scripts used to boot
your Red Hat system, change runlevels, and shut the system down
cleanly. Initscripts also contains the scripts that activate and
deactivate most network interfaces."

>> modutils-2.4.18-2.i386.rpm
>> mount-2.11r-10.i386.rpm

These are also required by initscript

AS> Finally, can you also provide ls /dev from your vserver environment?

[root_at_vserver dev]# ls -l
total 0
prw------- 1 root root 0 Jul 18 2002 initctl

My guess is to really make a good working enviroment you need to add
null and random at a very minimum. Not sure what else is recommended
to have but from reading up in the archives and the faqs I understand
that many devices are not a good thing and can be a big security risk.

I can't recall right now if there is a minimum set of devices that are
suggested to have available to maintain a secure vserver if I missed
it please point it out to me if not then it probably be a good idea to
create such a list.

Best regards,
 Eje Gustafsson mailto:MacAhan_at_fament.com

[This E-mail scanned for viruses by Declude Virus]

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 20 Jan 2003 - 08:55:35 GMT by hypermail 2.1.3