On Sat, Jan 22, 2011 at 21:05, Gordon Messmer <yinyang at eburg.com> wrote:
> On 01/22/2011 08:28 PM, Nico Kadel-Garcia wrote:
>> Unfortunately, this is not sufficiently reliable. Some idiot may
>> re-run it
>
> Re-enabling NetworkManager requires the root password. If someone can
> turn it back on with 'chkconfig' or another service management tool,
> they can also re-install it.
>
> You may feel that it is worth the effort to remove NetworkManager
> entirely, but I think most people will agree that there's no need to do so.
>
>> The key to *keeping* it off in RHEL 6, and I assume in CentOS 6, is
>> the setting NM_CONTROLLED="no" in the
>> /etc/sysconfig/network-scripts/ifcfg-* files. This is a new setting in
>> RHEL 6, and I'm having difficulty finding documentation for it
>
> File a bug with the "initscripts" component. That setting *should* be
> documented in /usr/share/doc/initscripts-*/sysconfig.txt, but isn't.

Minimize the number of people who have the root password. Those who need to
perform actions that require root access should be given *narrow*
permissions to do so via sudo. Now make certain that all actions
performed are logged and that such logs are audited. Try to eliminate as
much as possible any actions that require root access that are not or
cannot be executed via sudo. Train everyone who has root access and/or
sudo access about what are approved actions (policies and procedures
document).

HTH,
Ken Wolcott
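
An added example (not part of the thread or of initscripts): a POSIX shell audit for the NM_CONTROLLED="no" setting discussed above, listing every ifcfg-* file that does not pin it. The function names, the skipping of ifcfg-lo and backup files, and treating only the literal value `no` as compliant are assumptions of this example.

```shell
#!/bin/sh
# Added example: report ifcfg-* files that do not set NM_CONTROLLED to "no".

nm_controlled_value() {
    # Print the effective NM_CONTROLLED value of one ifcfg file.
    # The files are shell fragments, so the last assignment wins.
    # Trailing comments, whitespace and surrounding quotes are stripped.
    sed -n 's/^[[:space:]]*NM_CONTROLLED=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/"
}

audit_nm_controlled() {
    # $1: directory to scan; defaults to the path named in the thread.
    # Prints one line per non-compliant file and returns 1 if any exist.
    dir=${1:-/etc/sysconfig/network-scripts}
    rc=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            # Assumption: loopback and editor/rpm backup files are out of scope.
            ifcfg-lo|*.bak|*.orig|*.rpmnew|*.rpmsave|*~) continue ;;
        esac
        val=$(nm_controlled_value "$f")
        # Strict on purpose: a missing setting or any value other than the
        # literal "no" is reported.
        if [ "$val" != "no" ]; then
            printf '%s: NM_CONTROLLED=%s\n' "$f" "${val:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when a directory is given on the command line.
if [ $# -gt 0 ]; then audit_nm_controlled "$1"; fi
```

The non-zero return on any finding lets the audit run from cron or a configuration-management check, so a re-enabled interface shows up in the same logs that are reviewed for sudo activity.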