On Thu, Oct 04, 2012 at 12:29:57AM +0100, Nux! wrote: > On 03.10.2012 23:59, Karanbir Singh wrote: > > On 10/03/2012 05:29 PM, Karanbir Singh wrote: > >> As we get ready to start publishing Cloud Images ( or rather images > >> consumable in various virt platforms, including public and private > >> clouds ) - it would be great to have a baseline package manifest > >> worked > >> out. > > > > and.. thoughts on Selinux ? Disable it ? Enable it ? Or should we > > just > > leave it in Permissive mode, along with a bit of text on howto enable > > it > > for people who want it ? > > I usually leave it enforcing; it depends really on what it's for, but > in recent years I found selinux to be less intrusive/problematic than it > used to be in early 5.x days. I would leave it on too, iptables with ssh only. > I think we should have at least one "official" version the way Red Hat > means it, with firewall and selinux on, root access, no 3rd parties. > I for one am going to build such images anyway.. :) root access or ec2-user access with sudo ? or both? I would disable ssh password login completely too. my 2 cents Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20121004/d5c355d3/attachment-0004.sig>