Date: Fri, 24 Jan 2003 15:48:09 +0100 (MET) From: Paul Everlund <tdv94ped@cs.umu.se> To: Jens Haeusser <jens@zoology.ubc.ca> Cc: freebsd-questions@freebsd.org Subject: Re: Installing Stripped System Message-ID: <Pine.GSO.4.44.0301241537240.9752-100000@kvist.cs.umu.se> In-Reply-To: <BA559A29.6449%jens@zoology.ubc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Jan 2003, Jens Haeusser wrote: > On 1/23/03 2:30 AM, "Paul Everlund" <tdv94ped@cs.umu.se> wrote: > > > On Thu, 23 Jan 2003, Jens Haeusser wrote: > > > >> I'd like to install a system lacking some of the binaries you can > >> specify as make.conf knobs, such as > >> > >> NO_I4B= true > >> NO_IPFILTER= true > >> NOGAMES= true > >> NOUUCP= true > >> NO_SENDMAIL= true > > > > I have been thinking that those "knobs" should have their own > > pkg-plist which one could use for deleting the binaries. Also one > > must take in concern dependencies of those "knobs"... > > I've always thought that the entire base system should have it's own > package/port system. That way, you could easily remove the bits you don't > want (remove UUCP from a fileserver, remove gcc from a firewall, etc). As > well, this would make security/other upgrades much easier. Telnet has a > remote hole? Simply upgrade the base-telnet port. This can already be easily done: # cvsup -g -L2 cvs-src # cd /usr/src/usr.bin/telnet # make # make install The hard part is removing the bits and pieces you don't want, as a running system expects some parts to just be there. The system requires sendmail for an example, but if you exchange sendmail with another MTA, you do not need sendmail and hence it could be removed. But which bits and pieces makes up sendmail? That's why some sort of pkg-plist would be nice. Also the question arise, if you remove sendmail to use another MTA, then remove that newly installed MTA, you end up with a system without any MTA at all. Hence it would be very easy to break a system if one were allowed to remove things from the base system. It would anyway be nice if the possibility was there for sysadmins who knows their way. > Jens Haeusser > Network Manager > Zoology, UBC Best regards, Paul To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.44.0301241537240.9752-100000>