Hardening production servers
Mike Hoskins
mike at adept.org
Wed Jul 9 10:52:37 PDT 2003
On Wed, 9 Jul 2003, Gregory Bond wrote:
> Even easier might be to maintain a list of files you don't want on the client
> machines and then rm them after every installworld (you could automate this in
> the /usr/src/Makefile).
Great points, just wanted to add... You could also use config mgmt tools
like cfengine, PIKT, etc. (see ports) to remove (and make sure they stay
removed) these files on all servers. You would then get all the other
benefits (and headaches) typically associated with config mgmt. (Syncing
config files from a central source, notification of changes, etc.)
We've had cfengine running for awhile... A bit of a learning curve, but
it has proven to be worthwhile.
-mrh
--
From: "Spam Catcher" <spam-catcher at adept.org>
To: spam-catcher at adept.org
Do NOT send email to the address listed above or
you will be added to a blacklist!
More information about the freebsd-stable
mailing list