Re: [OT] secure, minimal Debian installation for linux-based thin clients?
* Chris Majewski <majewski@cs.ubc.ca> [021018 22:43]:
> RedHat), with an NFS-mounted root fs. They run almost nothing
> locally: currently an X server, sshd, and possibly some music forwarding
> daemon in the future, so users can listen to tunes on their thin
> clients using software on the server (we don't give users access to
> the local software).
>
> Now, we're looking to upgrade the Linux on these thin clients. I like
> Debian, so that's one obvious choice. However, a standard Debian
> install (e.g. what I run on my machine) gives us much more than we
> need. This isn't fatal, since the filesystem is NFS-mounted, but it's
> not clean, either.
I do not know, what you all need. When setting up only as Xterminal
I just copied the needed files from the sparc .deb in some dir
of the x86-Server. (And compiled some kernel on some sparc-machine,
as the clients only had 5mb). Only some libs, init and the xserver.
(Not even a shell). If you need ssh, you may need some more libs,
but selecting exactly the files you need makes it also a litte more
secure.
As running ssh means regular updates, I would just suggest some
script unpacking the whole .debs (Maybe even directly using ar and tar)
and putting the configuration files in place.
(Though thinking again about ssh and such things as the sshd-user
this might perhaps not be the best solution)
Hochachtungsvoll,
Bernhard R. Link
--
The man who trades freedom for security does not deserve
nor will he ever receive either. (Benjamin Franklin)
Reply to: