Oh, this is also related to the 'hidepid' discussion. If NetworkManager is going to be a blocker on hidepid, then it needs to be fully locked down and I can't find good guidance on doing that.
On Sun, Sep 9, 2018 at 12:56 PM Trevor Vaughan <[email protected]> wrote:

> Everyone I know hates that on servers.
>
> Apparently firewalld tries to use it and it's mentioned in the SSG
> explicitly.
>
> Since it's mentioned, there needs to be surrounding guidance on how to
> make it not be so "user friendly".
>
> If it's not needed, it should fall under "run no unnecessary services" and
> be slated to be killed explicitly since it does try to give people the
> ability to do things in the network stack by default (which they should not
> have).
>
> Thanks,
>
> Trevor
>
> On Sat, Sep 8, 2018 at 12:38 PM Matthew <[email protected]> wrote:
>
>> Why is NetworkManager required? I hate that on servers.
>>
>> On Fri, Sep 7, 2018, 5:42 PM Trevor Vaughan <[email protected]>
>> wrote:
>>
>>> As I was digging around some of the content, I realized that I had a
>>> question that I never managed to get answered.
>>>
>>> Namely, is NetworkManager now a required service?
>>>
>>> If so, what is the proper mechanism for restricting DBus access to
>>> NetworkManager to only allowed users (i.e. no GUI utilities, etc...).
>>>
>>> I feel like this should be codified somewhere in the SSG content.
>>>
>>> Thanks,
>>>
>>> Trevor
>>>
>>> --
>>> Trevor Vaughan
>>> Vice President, Onyx Point, Inc
>>> (410) 541-6699 x788
>>>
>>> -- This account not approved for unencrypted proprietary information --
>>> _______________________________________________
>>> scap-security-guide mailing list --
>>> [email protected]
>>> To unsubscribe send an email to
>>> [email protected]
>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>> https://lists.fedorahosted.org/archives/list/[email protected]

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
