Updating servers with rpm buy dating without drama
However, it scales very well to most other information security endeavors, including system hardening.Another concept originally forged in a somewhat different context is the Principle of Least Privilege.As it happens, there's no manpage for libglade, but I can ask rpm whether any other packages depend on it (Example 3-1).[[email protected]]$ man libglade No manual entry for libglade [[email protected]]$ apropos libglade libglade: nothing appropriate [[email protected]]$ rpm -q --whatrequires libglade memprof-0.3.0-8 rep-gtk-gnome-0.13-3 Aha...libglade is part of GNOME.If a server is to run "headless" (without a monitor and thus administered remotely), then it certainly doesn't need a full X installation with GNOME, KDE, etc., and probably doesn't need even a minimal one.
For example, in reviewing the packages on my Red Hat system, suppose I see libglade installed but am not sure I need it.
Operating-system hardening can be time consuming and even confusing.
Like many OSes designed for a wide range of roles and user levels, Linux has historically tended to be "insecure by default": most distributions' default installations are designed to present the user with as many preconfigured and active applications as possible.
For example, have one host support public WWW services along with public FTP services, since both are used for anonymous filesharing, and have another host provide DNS and SMTP since both are "infrastructure" services. In any case, I If you don't know what a given command or package does, the simplest way to find out is via a man lookup.
All manpages begin with a synopsis of the described command's function.Therefore, securing a Linux system not only requires you to understand the inner workings of your system; you may also have to undo work others have done in the interest of shielding you from those inner workings!