bare minimum packages (Was: Ping, Pong, oh lets get moving shall we ;)

Jesse Tie Ten Quee highos at
Wed Nov 8 13:35:46 PST 2000


On Wed, Nov 08, 2000 at 11:47:51AM -0500, James J. wrote:
> Here's a topic for the truly paranoid -

Do remember, there is only so much you can do to secure a box, and it really
comes down to functionality: how far do you want to go before it gets
_really_ annoying?

> A very secure system shouldn't have any binaries that aren't going to
> be used. Many of the LFS binaries are only there to build packages.
> Once you have the system built, and have added whatever extra apps you
> want to put on it, what binaries can you get rid of and still have a
> running system?

Just about everything; all you really need is your kernel, sysvinit,
sysklogd (well, you want to log, no?), a shell, shadow and a few others
like you mentioned. It would be easier to start from scratch and just
copy over the binaries from scratch (if you're going to strip, why bother,
it's twice as much work).

Do remember... it's not like most of these things take a lot of room and
there are quite a few projects for a small, secure
firewall/proxy/route/print server, etc.
(although, y'all probably know that anyways ;)

> Procps (Is the kill command necessary for the shell to run? Is sysctl
>      necessary for the kernel to start?)

/etc/init.d/functions uses kill, you could get away from using these
functions and use something like ssd (start-stop-daemon).

Jesse Tie Ten Quee - highos at highos dot com
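
The check implied by the procps exchange above (does a boot script still call `kill` or `sysctl`?), as an added example that is not part of the original post. The sample scripts are constructed, the function names are hypothetical, and the match is a whole-word heuristic on non-comment lines, so a clean result only covers the scripts in the directory scanned.

```shell
#!/bin/sh
# Added example: before deleting a binary, see which boot scripts still call it.

# referenced_by DIR CMD... -> prints "cmd: script" for every script using CMD
referenced_by() {
    dir=$1; shift
    for cmd in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            # Drop comment lines, then match CMD as a whole word so that
            # "kill" does not hit "killproc" and "sysctl" not "sysctl.conf".
            if grep -v '^[[:space:]]*#' "$f" |
               grep -Eq "(^|[^[:alnum:]_-])$cmd([^[:alnum:]_.-]|\$)"; then
                printf '%s: %s\n' "$cmd" "${f##*/}"
            fi
        done
    done
}

# unreferenced DIR CMD... -> prints the candidates no script in DIR calls
unreferenced() {
    dir=$1; shift
    for cmd in "$@"; do
        [ -n "$(referenced_by "$dir" "$cmd")" ] || printf '%s\n' "$cmd"
    done
}

# Constructed sample standing in for /etc/init.d; prints the directory path.
make_sample() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/functions" <<'EOF'
killproc() {
    kill -TERM "$1"
}
EOF
    cat > "$tmp/network" <<'EOF'
# sysctl is not called in this script
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
    printf '%s\n' "$tmp"
}

sample=$(make_sample)
referenced_by "$sample" kill sysctl top   # candidates still in use
unreferenced "$sample" kill sysctl top    # candidates with no caller found
rm -rf "$sample"
```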
