> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of J E
> Sent: Tuesday, March 04, 2008 4:37 PM
> 
> 
> On Mar 4, 2008, at 10:05 AM, Domenico Viggiani wrote:
> 
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of J E
> >> Sent: Tuesday, March 04, 2008 3:12 PM
> >>
> >> The question is what do you gain by removing it?
> >
> > It's a best practice. Remove anything that is not strictly needed.
> > One of the worst problems of Red Hat is that its installation leaves a lot
> > of un-needed packages, anytime I lose a lot of time cleaning my system
> > by "rpm -e", only recently I solved using a customized kickstart file.
> >
> > Safely remove redhat-lsb, perl, gcc and any other package you don't
> > need!
> 
> 
> 
> Whose best practice? The NSA would disagree with you.
> 
> http://www.nsa.gov/snac/downloads_redhat.cfm?MenuID=scg10.3.1.1
> 
> If memory serves, they only recommend removing X Windows.

http://www.nsa.gov/snac/os/redhat/rhel5-pamphlet-i731.pdf
"Minimize the amount of software installed and running in order to minimize
vulnerability."

http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf
"1.1.2 Minimize Software to Minimize Vulnerability
The simplest way to avoid vulnerabilities in software is to avoid installing
that software. On RHEL, the RPM Package Manager (originally Red Hat Package
Manager, abbreviated RPM) allows for careful management of the set of
software packages installed on a system. Installed software contributes to
system vulnerability in several ways. Packages that include setuid programs
may provide local attackers a potential path to privilege escalation.
Packages that include network services may give this opportunity to
network-based attackers. Packages that include programs which are
predictably executed by local users (e.g. after graphical login) may provide
opportunities for trojan horses or other attack code to be run undetected.
The number of software packages installed on a system can almost always be
significantly pruned to include only the software for which there is an
environmental or operational need."


And there is not only NSA, especially for European users...

--
DV 
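
Added example, not part of the original message or of the NSA guide: a way to rank installed packages by the number of setuid/setgid programs they ship, following the guide's point that such packages give local attackers a potential escalation path. The function names and the fallback sample listing are constructed for illustration; the sample is used only when `rpm` is not available.

```shell
#!/bin/sh
# Rank installed packages by the number of setuid/setgid programs they own.

# Keep "name perms path" lines for regular files whose mode string has s/S
# in the owner-exec (setuid) or group-exec (setgid) position.
# Setgid directories are skipped: they are not executable programs.
privileged_files() {
    awk '{
        t = substr($2, 1, 1); u = substr($2, 4, 1); g = substr($2, 7, 1)
        if (t == "-" && (u ~ /[sS]/ || g ~ /[sS]/)) print
    }'
}

# Reduce the filtered lines to "count package", highest count first.
packages_by_count() {
    awk '{ n[$1]++ } END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2
}

# Constructed sample listing (hypothetical package names and paths).
sample_listing() {
cat <<'EOF'
pkg-alpha -rwsr-xr-x /usr/bin/alpha-su
pkg-alpha -rwxr-sr-x /usr/bin/alpha-write
pkg-alpha -rw-r--r-- /etc/alpha.conf
pkg-beta -rwxr-xr-x /usr/bin/beta
pkg-beta drwxr-sr-x /var/lib/beta
pkg-gamma -rwsr-x--- /usr/sbin/gamma-helper
EOF
}

# One line per packaged file: from the RPM database when rpm is present,
# otherwise from the constructed sample so the script still runs.
list_package_files() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qa --queryformat '[%{=NAME} %{FILEMODES:perms} %{FILENAMES}\n]'
    else
        sample_listing
    fi
}

list_package_files | privileged_files | packages_by_count
```

Packages at the top of the output with no operational need are the first candidates for `rpm -e` or for exclusion in a kickstart `%packages` section.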
