[CentOS] compilers a security risk?

[Mike McCarty]

Dave Stevens wrote:
> I manage a web hosting server that we've recently upgraded, in part so  
> we could accommodate a domain that will enable community mapping. In a  
> recent exchange of mails one developer said:
> 
> 
> "I could build the package directly on the server machine you have,
> provided that the potential security risk posed by having compilers
> installed is not an issue."

That's how the "Internet Worm" spread.

As a general principle, machines on the "periphery" or what one
might call "firewall machines" should have nothing installed
which they don't need in order to perform their primary intended
function. That means both hardware and software, IMO.

The less which is there, the fewer potentials for compromise exist.

No services should run which aren't necessary for the functioning
of the machine. Don't even install them unless you have to, but
don't enable/start them if you install them.

I would install rkhunter and tripwire, and I would peruse their
logs.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!