On Thu, Oct 04, 2012 at 12:29:57AM +0100, Nux! wrote:
On 03.10.2012 23:59, Karanbir Singh wrote:
On 10/03/2012 05:29 PM, Karanbir Singh wrote:
As we get ready to start publishing Cloud Images ( or rather images consumable in various virt platforms, including public and private clouds ) - it would be great to have a baseline package manifest worked out.
and.. thoughts on Selinux ? Disable it ? Enable it ? Or should we just leave it in Permissive mode, along with a bit of text on howto enable it for people who want it ?
I usually leave it enforcing; it depends really on what it's for, but in recent years I found selinux to be less intrusive/problematic than it used to be in early 5.x days.
I would leave it on too, iptables with ssh only.
I think we should have at least one "official" version the way Red Hat means it, with firewall and selinux on, root access, no 3rd parties. I for one am going to build such images anyway.. :)
root access or ec2-user access with sudo ? or both? I would disable ssh password login completely too.
my 2 cents
Tru