[NTLUG:Discuss] installing redhat 6.2
David
david at hayes-family.org
Tue Nov 12 21:24:25 CST 2002
On Tue, Nov 12, 2002 at 10:06:38AM -0600, Chris Cox wrote:
> This is true. Also, you shouldn't use a journaled filesystem for
> some of the same reasons. No kernel modules, no plug&play, no
> hotplug USB/Firewire, no local compilers, no SysV style init, etc.
> However, you need to weigh security "paranoia" against the fact that
> many servers run services that make these issues look like a joke, in
> comparison. Security policies need to be carefully considered. Indeed,

I agree. Certainly the many servers that some systems run by default
would be the number 1 source of vulnerabilities.

With regard to kernel modules, PnP, etc., yes, those things do also
introduce insecurity. In "carefully considering" them, I would weigh
their insecurity against the utility that they provide. For my own
systems, I run ext3, and modules, and compilers, because they provide a
significant benefit.

With respect to RAM and swap space, though, the balance may be
different. Adding a swap partition does not add any functionality to
the system. It just saves a $20 expenditure on another stick of memory.
Given a $20 savings at the price of greater insecurity (through
persistence of data that I would rather have disappear), I'll choose to
spend the $20 and run without swap.

YMMV, of course.
--
David Hayes
david at hayes-family.org