RE: [cobalt-security] Hardening RaQ3 OS by Removing Unused RPM's
- Subject: RE: [cobalt-security] Hardening RaQ3 OS by Removing Unused RPM's
- From: storage@xxxxxxxxxx
- Date: Sat, 7 Apr 2001 16:42:04 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Can anyone shed light on the RPM's below and if
> they're actually needed on the RaQ3 system to run
> properly? We recently hired a security firm to harden
> our systems/networks - we installed a RedHat 7 firebox
> with IPTables in front of the RaQ's. But they're also
> suggesting that the RPM's below be removed because
> they're really not needed as they only add to possible
> security threats. We realize postgresql-6.5.2-C2 needs
> to stay for the backend database, but what about the
> others in this list? Does anyone see anything that
> *should* stay that's listed below?
>
A lot of them are -devel RPMs, so if you won't be compiling software that
needs to link against their libs and includes, you can get rid of them. But
you should really look into each and every RPM, find out what it's for, and
decide whether _you'll_ be needing it or not. We can't decide that for you,
we don't know. For example, you have gd-devel there - will you be compiling
PHP with GD support? If you will, you'll need it. Do you use emacs? Will you
be using Perl or Python with PostgreSQL? Do you need the Python docs? Et
cetera, et cetera. Ultimately though, if I was you, I'd look at another
security firm; or look at your contract with them; or pay them more. Unless
you went for a cheapy, _they_ should have researched this stuff.
adam