[OT] secure, minimal Debian installation for linux-based thin clients?
This is unrelated to any security patches / exploits, hence
off-topic. I'm posting here mostly because it seems like the right
crowd for this sort of problem. If this offends you, let me know and
I'll find a different venue in the future.
OK. We're a large network running lots (~100) thin clients, and
expecting to run more of them in the future. Currently, these are
NeoWare Eon's (mobile x86 cpu) running Linux (an old scaled-down
RedHat), with an NFS-mounted root fs. They run almost nothing
locally: currently an X server, sshd, and possibly some music forwarding
daemon in the future, so users can listen to tunes on their thin
clients using software on the server (we don't give users access to
the local software).
Now, we're looking to upgrade the Linux on these thin clients. I like
Debian, so that's one obvious choice. However, a standard Debian
install (e.g. what I run on my machine) gives us much more than we
need. This isn't fatal, since the filesystem is NFS-mounted, but it's
not clean, either. Is there a Debian-derived minimal distribution? Or
should we just install the base Debian system, add X via tasksel, and
add/remove remaining items with dselect or apt-get?
There is obviously more than one solution here, so I'm looking for
recommendations. We care about security; we don't want to run any
services we don't need, etc. Reliability is key, so your uncle's
friend's brother's alpha software might not be for us.
Any other comments (relevant to Debian on thin clients / X terminals)
welcome.
-chris
Reply to: