Date: Wed, 9 Jul 2003 10:52:36 -0700 (PDT) From: Mike Hoskins <mike@adept.org> To: stable@freebsd.org Subject: Re: Hardening production servers Message-ID: <20030709105010.O59356@fubar.adept.org> In-Reply-To: <200307090229.MAA09700@lightning.itga.com.au> References: <200307090229.MAA09700@lightning.itga.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Jul 2003, Gregory Bond wrote: > Even easier might be to maintain a list of files you don't want on the client > machines and then rm them after every installworld (you could automate this in > the /usr/src/Makefile). Great points, just wanted to add... You could also use config mgmt tools like cfengine, PIKT, etc. (see ports) to remove (and make sure they stay removed) these files on all servers. You would then get all the other benefits (and headaches) typically associated with config mgmt. (Syncing config files from a central source, notification of changes, etc.) We've had cfengine running for awhile... A bit of a learning curve, but it has proven to be worthwhile. -mrh -- From: "Spam Catcher" <spam-catcher@adept.org> To: spam-catcher@adept.org Do NOT send email to the address listed above or you will be added to a blacklist!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030709105010.O59356>