This was the first evening where we started the virtual server configuration for our mythical SMB-type environment. We went over the text-based install of CentOS 5.4 and the initial package selection, as well as the services running on the box.
After a few technical difficulties while looking up some packages (trousers and fipscheck) that had been installed without being selected, we reviewed the rest of the install. During the ‘firstboot’ process, we went through the list of services, which was rather enlightening for all involved. It appears that a number of things you do not normally think about are enabled by default, even when unnecessary.
TrouSerS is an implementation of the Trusted Computing Group’s Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of your TPM hardware. TPM hardware can create, store and use RSA keys securely (without ever being exposed in memory), verify a platform’s software state using cryptographic hashes and more.

FIPSCheck is a library for integrity verification of FIPS validated modules. The package also provides helper binaries for creation and verification of the HMAC-SHA256 checksum files.
Links:
- Installation and configuration of postfix
- The kickstart file for our base install
- The list of services after configuration
- Configuration settings for the virtual machine
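
The service review done during ‘firstboot’ can be repeated from the shell at any time. The following is an added example, not part of the original meeting notes: it reads `chkconfig --list` output and reports services enabled in a runlevel that are not on an allowlist. The allowlist and the sample listing are constructed assumptions; replace them with your own.

```shell
#!/bin/sh
# Added example: flag SysV services enabled in a runlevel but not on an allowlist.
# ALLOWED and the sample listing are constructed for illustration.

ALLOWED="crond network postfix sshd syslog"   # assumption: services this build needs
RUNLEVEL=3

# Read `chkconfig --list` output on stdin; print services "on" in runlevel $1.
enabled_in_runlevel() {
    awk -v rl="$1" '
        NF == 8 {                        # name + runlevels 0..6; skips the xinetd section
            split($(rl + 2), f, ":")     # field for runlevel n is column n+2
            if (f[1] == rl && f[2] == "on") print $1
        }'
}

# Read the same listing on stdin; print enabled services missing from ALLOWED.
unexpected_services() {
    enabled_in_runlevel "$1" | while read -r svc; do
        case " $ALLOWED " in
            *" $svc "*) ;;               # expected service, nothing to report
            *) echo "$svc" ;;
        esac
    done
}

# Constructed sample in the format printed by `chkconfig --list` on CentOS 5.
sample_listing() {
    cat <<'EOF'
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
tcsd            0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        chargen-dgram:  off
EOF
}

# On a real host: chkconfig --list | unexpected_services 3
sample_listing | unexpected_services "$RUNLEVEL"
```

Anything the script prints is a candidate for `chkconfig <service> off` once the group agrees it is not needed.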
During the time between now and the next meeting, we will be launching a forum section on the site to discuss the installation and address any questions, as well as try to establish some effective methodology (formerly “Best Practices”). This is a community effort and while I am willing to provide some guidelines and direction at the start, this is very much going to be a group effort, along with all that entails. We will document as we go and hopefully at the end we will have a useful set of procedures as well as lessons learned.
On a side note, to explain the “Best Practices” comment in the preceding paragraph, the term “Best Practices” is often used to convey the idea that this is the best method to do something. Without some unbiased way of judging the relative merits against all other implementations, this is just an opinion or a popular consensus as to methodology. In my opinion, it also predisposes you to think that this is THE WAY to do it and you stop thinking about ways to improve a process. It may very well be the best way, but there is no reason to be blind to other interpretations or be constrained to a particular implementation that doesn’t fit what you need just because it’s a “Best Practice”. Best practice for whom?
Current minimal resources for the project:
- CentOS 5.4 available from the CentOS project site.
- Oracle VirtualBox available from Oracle Corporation. We are using the binary distribution, not the community edition, for cross-platform similarity and ease of installation.