Re: Removing System Consoles from Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Lyvim Xaphir wrote:

On Tue, 2008-09-16 at 09:34 -0430, Patrick O'Callaghan wrote:

On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:

As I said...I don't agree with it...I'm just saying that I understand
the thinking behind it.

Sorry, but I think you don't. You might want to read Alan Cox's message
on the fedora-test list:
https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html which indicates that the motivation is much more to do with cleaning up code and APIs. I fact security isn't mentioned.

poc




It's still a stupid idea.  There's no good reason to get rid of the vt
consoles; they've been there for a very long time on rh, I use them all
the time.  As does alot of other people.  As one other user pointed out
on the link that *you provided, the lack of vt consoles is the number
one problem with another distro, according to it's users.


There are reasons for disabling consoles, however the term "good" is
subjective.  For example, PCI compliance says that you must render the
machines as physically difficult to get into as you can.  We, for
example, do the following:

1. Machines do not have X installed and boot to run level 3
2. /etc/inittab modified to NOT spawn gettys on the VTs
3. /etc/inittab spaws serial port getty connected to a serial KVM
4. grub configured to also use the serial port for its console

This is in addition to them being in cage with a deadbolt lock on the
door, and the cage being in a data center with physical access
restrictions, cardkey access and video surveillance.  Yes, it's a bit
onerous, but it is required.  Whether you think they're "good reasons"
is irrelevant.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                       rps2@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-  Any sufficiently advanced technology is indistinguishable from a  -
-                              rigged demo.                          -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux