-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/14/2012 03:16 AM, Ewoud Kohl van Wijngaarden wrote:
On 08/13/2012 03:01 PM, Ewoud Kohl van Wijngaarden wrote:
- It's very basic, just ensure users exist and sudo is set up. We can do much more, but what do we want?
Not sure what makes sense, thus some random ideas:
* Can we further strip out extra packages, or is that best handled in the original install image or kickstart script? I think this is better handled in install image / kickstart, but if you have specific packages you don't want installed we can list
On Mon, Aug 13, 2012 at 04:29:29PM -0700, Karsten 'quaid' Wade wrote: those.
* Firewall rules, sshd rules - I like to put sshd on a non-standard port, such as 108, to minimize noise in the logwatch. I was thinking the same, at least disable password authentication for SSH, disable root etc.
Along with disabling root login, we can also load in the public keys of the Infra team in to their user accounts, so people can ssh + sudo directly after the host is up. - - Karsten
* Enable a remote backup solution for any data sources. I think we first have to decide on a backup solution, but in time yes. * ... Maybe it's best to start with something small that provides a working solution, set up a puppet master either with or without foreman and get the git repo into gerrit. _______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
- -- Karsten 'quaid' Wade, Sr. Analyst - Community Growth http://TheOpenSourceWay.org .^\ http://community.redhat.com @quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFQKl7r2ZIOBq0ODEERAj9lAJ9av4GtnvSP32xcI0q0AfmyogBoGgCgwoJ9 AHoeCD8aoWpyliI77JLVWto= =f8ht -----END PGP SIGNATURE-----