From Fedora Project Wiki
mNo edit summary
mNo edit summary
Line 35: Line 35:


(from https://lists.fedoraproject.org/pipermail/server/2014-February/000779.html)
(from https://lists.fedoraproject.org/pipermail/server/2014-February/000779.html)
= 2. Network Configuration =
"You might install NetworkManager-config-server, which drops some
server-type config files into /etc/NetworkManager/conf.d that do things
like ignoring the carrier on all interfaces and ensuring NM never
creates the default DHCP connections that are useful on desktops.  There
are other options in there, like making NM stop
touching /etc/resolv.conf if you know you never need to update it.  See
"man NetworkManager.conf" for more details on all these options."
(from https://lists.fedoraproject.org/pipermail/server/2014-February/000753.html )

Revision as of 15:50, 25 February 2014

1. System Identification

When you ssh into people.fedoraproject.org, you get some information including this bit:

Security Category: Low Primary Contact: Fedora Admins - admin@fedoraproject.org Purpose: Provide hosting space for Fedora contributors and Fedora Planet


This comes from http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-single/#HostGeneralSecurity-System-Identification

That's pretty neat. A lot of big organizations may have policies and a system like that, but it strikes me as something that would be neat to integrate into Fedora Server by default.

(from https://lists.fedoraproject.org/pipermail/server/2014-February/000737.html)


To be honest I think it is a terrible idea to drop this information into an /etc file, because it would be a maintenance burden with the very plausible outcome of being a source of confusion.

This kind of information is normally held into a centralized catalog for obvious reasons, if you have that many systems that you need to write this down, you have to many to consult them one by one anyway, you need a central place where you can report on this stuff.

And you do not want to have to create services to synchronize this information locally. It is just useless busy work. But once the file exist you have to do it because otherwise people can get confused (or worse, programs can misbehave) if the information in the local file is wrong.

(from https://lists.fedoraproject.org/pipermail/server/2014-February/000779.html)

2. Network Configuration

"You might install NetworkManager-config-server, which drops some server-type config files into /etc/NetworkManager/conf.d that do things like ignoring the carrier on all interfaces and ensuring NM never creates the default DHCP connections that are useful on desktops. There are other options in there, like making NM stop touching /etc/resolv.conf if you know you never need to update it. See "man NetworkManager.conf" for more details on all these options."

(from https://lists.fedoraproject.org/pipermail/server/2014-February/000753.html )