[Infrastructures] Re: Host installs?

Stephen Schaefer SSchaefer@rfmd.com
Tue, 4 Feb 2003 09:07:35 -0500 

This is a good answer for well understood, static environments -
especially those exposed to the security threats of the internet, or
indeed at any security boundary.  You do, however, gain from
*uniformity* of systems, both from the ability to rapidly repurpose and
from the decrease in management complexity.  That means on internal
systems you install everything you use or are likely to use anywhere,
which is almost everything (though probably not <a
href="http://www.xbill.com">xbill</a> :-).  I do take the security issue
seriously, and no one can afford not to when dealing with the
opportunistic threats from the internet -- but you need to find the
balance between your own internal capabilities and vulnerabilities that
matches the level of threat you have.  That means assessing the attitude
of you colleagues and establishing the right security boundaries.  A
military unit has different requirements than a local auto mechanic.

    - Stephen

-----Original Message-----
From: Daniel Pittman [mailto:daniel@rimspace.net] 
Sent: Tuesday, February 04, 2003 7:36 AM
To: Harry Hoffman
Cc: infrastructures@terraluna.org
Subject: [Infrastructures] Re: Host installs?


On Tue, 4 Feb 2003, Harry Hoffman wrote:
> Hi All, When doing host based installs are most people installing 
> everything available from the vendor - ie Full+OEM->Solaris,
> Everything->Redhat?

Heck, no. That's the *last* thing you want to do.

> Everything->Or are you only installing certain packages
> (clusters) for any given OS?

Not only do I select based on the purpose of the machine, I tend to trim
the list down to exclude a number of packages that the vendor[1]
installs in the "base" system.

> Do most people not really care anymore, because disks have become so 
> large? If everything is installed then how do most people deal with 
> making sure services aren't started, cfengine?

If you don't need it, don't put it on there. Aside from the issue of
disk use, and of security holes as highlighted elsewhere, you complicate
backups and hide important information in the mass of unused files.

        Daniel

Footnotes: 
[1]  Debian, primarily.

-- 
A companion, unobtrusive
Plays the song that's so elusive
And the magic music makes your morning mood.
        -- Rush, _The Spirit of Radio_, 1980
_______________________________________________
Infrastructures mailing list Infrastructures@mailman.terraluna.org
http://mailman.terraluna.org/mailman/listinfo/infrastructures