[Clip] Applied CLIP to fresh RHEL 5.3; network won't start

Karl MacMillan kmacmillan at tresys.com
Thu Aug 6 08:05:16 CDT 2009


> -----Original Message-----
> From: clip-bounces at oss.tresys.com [mailto:clip-bounces at oss.tresys.com]
> On Behalf Of Brian Williams
> I am also not big on having some puppet program on my stripped
> down/locked down system, does anyone have any details on what this
> is/does?
> 

I understand the desire to keep your system minimal; however, I think
puppet is worth the footprint. It is a system configuration tool that we
are using to do the lockdown. Using a real configuration tool brings
many benefits over shell scripts that we are starting to realize:

* Easier to understand config that is focused on what the system state
should look like rather than the steps to get there.

* Repeatable config - in the future you should be able to apply the
lockdown to an existing box or reapply to a CLIP configured box.

* Easier customization.

* If desired, the ability to remotely manage and lock down many systems.

You can find some more information about puppet at
http://reductivelabs.com/products/puppet/.

Of course, if you're very concerned about the footprint, you should be
able to remove puppet and ruby in the post script after the config has
been applied.

Karl 


