[Clip] Applied CLIP to fresh RHEL 5.3; network won't start
brian at bri3001.com
Thu Aug 6 09:06:57 CDT 2009
> -----Original Message-----
> From: Karl MacMillan [mailto:kmacmillan at tresys.com]
> Sent: Thursday, August 06, 2009 9:05 AM
> To: Brian Williams; Eric Gearhart; clip at oss.tresys.com
> Subject: RE: [Clip] Applied CLIP to fresh RHEL 5.3; network won't start
> > -----Original Message-----
> > From: clip-bounces at oss.tresys.com [mailto:clip-
> > bounces at oss.tresys.com] On Behalf Of Brian Williams
> > I am also not big
> > on
> > having some puppet program on my stripped down/locked down system,
> > does
> > anyone have any details on what this is/does?
> I understand the desire to keep your system minimal, however I think
> puppet is worth the footprint. It is a system configuration tool that
> are using to do the lockdown. Using a real configuration tool brings
> many benefits over shell scripts that we are starting to realize:
Sounds interesting, I'll have to look more into it. Is there any CLIP
specific documentation on its use of puppet or is all that on the puppet
Also is it possible that the puppet program screwed up the label of
/etc/sysconfig/network which could be causing the problem during bootup?
> * Easier to understand config that is focused on what the system state
> should look like rather than the steps to get there.
> * Repeatable config - in the future you should be able to apply the
> lockdown to an existing box or reapply to a CLIP configured box.
> * Easier customization.
> * If desired, the ability to remotely manage and lockdown many systems.
This stuff sounds pretty cool, can this management be done locally? Is
there a way to have a system do a health check and provide some sort or
report that doesn't have to be remotely done?
> You can find some more information about puppet at
> Of course, if you're very concerned about the footprint, you should be
> able to remove puppet and ruby in the post script after the config has
> been applied.
Understood, my main concern is actually more of remote access to the system,
but footprint does come into play a lot for me in particular.
More information about the Clip