Date: Fri, 24 Jan 2003 15:48:09 +0100 (MET)
From: Paul Everlund
To: Jens Haeusser
Cc: freebsd-questions@freebsd.org
Subject: Re: Installing Stripped System

On Thu, 23 Jan 2003, Jens Haeusser wrote:

> On 1/23/03 2:30 AM, "Paul Everlund" wrote:
>
> > On Thu, 23 Jan 2003, Jens Haeusser wrote:
> >
> >> I'd like to install a system lacking some of the binaries you can
> >> specify as make.conf knobs, such as
> >>
> >> NO_I4B= true
> >> NO_IPFILTER= true
> >> NOGAMES= true
> >> NOUUCP= true
> >> NO_SENDMAIL= true
> >
> > I have been thinking that those "knobs" should have their own
> > pkg-plist which one could use for deleting the binaries. Also one
> > must take in concern dependencies of those "knobs"...
>
> I've always thought that the entire base system should have its own
> package/port system. That way, you could easily remove the bits you don't
> want (remove UUCP from a fileserver, remove gcc from a firewall, etc). As
> well, this would make security/other upgrades much easier. Telnet has a
> remote hole? Simply upgrade the base-telnet port.

This can already be easily done:

  # cvsup -g -L2 cvs-src
  # cd /usr/src/usr.bin/telnet
  # make
  # make install

The hard part is removing the bits and pieces you don't want, as a
running system expects some parts to just be there. The system requires
sendmail, for example, but if you exchange sendmail with another MTA,
you do not need sendmail and hence it could be removed. But which bits
and pieces make up sendmail? That's why some sort of pkg-plist would be
nice.

Also the question arises: if you remove sendmail to use another MTA, then
remove that newly installed MTA, you end up with a system without any
MTA at all. Hence it would be very easy to break a system if one were
allowed to remove things from the base system. It would anyway be nice
if the possibility was there for sysadmins who know their way.

> Jens Haeusser
> Network Manager
> Zoology, UBC

Best regards,
Paul