lucky13
Group: Members
Posts: 1478
Joined: Feb. 2007 |
 |
Posted: April 29 2008,21:28 |
 |
I've finally posted a slimmed down 'hardening' guide for DSL hard drive installs. I focused primarily on updating a few things that can be important on a networked computer, including one that surfs the Internet. That includes upgrading zlib , SSL, and SSH. Hopefully Robert will consider either updating some or all of these or using a smaller replacement like dropbear (has this been considered before?) in DSL 4.x. I also cover a few things that I think should be changed on a hard drive install such as tightening sudoers and reconfiguring ssh/d. I like to keep my secure shell secure.
My own preference is to use as little from MyDSL on hard drive install as possible. With my most recent install (yesterday), I installed GNU utils and gcc. No UCIs. These can be made to work on hard drive installs, but they're not ideal (imo).
Default kernels are for the widest (sensible) array of possible hardware on which it can be used. That's important and ideal for a live CD, but maybe not so good on a fixed hard drive. To make my point, I also compiled a kernel this afternoon to show how wide the differences between the default kernel and one compiled for a particular computer can range. In my case, I was using 16MB of RAM upon booting into runlevel 3 with an updated version of BASH and 25MB after startx and my new modules take up less than 8.5% of the hard drive space used by the default (could've been even smaller) DSL modules. This is fully functional for that particular computer. I have an image showing before and after data, but the before includes a lot more running processes instead of at boot (I'll boot the DSL kernel again and update that).
(Since someone mentioned RAM use in one of the Eee threads, those RAM numbers above include cached -- which the default torsmorc excludes from what gets displayed on your screen.)
As I note, these aren't shortcomings in DSL. You just have to remember that DSL and Knoppix were engineered to run in a completely different form from a standard hard drive install. If you use it as intended, these things don't matter so much and would be impractical -- what good would it be to set up strong passwords on a live CD anyway? When you install DSL to hard drive, you're undoing some of that CD-based engineering. You can't reboot into a restored state, you have the same issues where you left off. I left out a lot more I wanted to write about some of the scripts which are ideal if you want to use DSL as it's intended to be used but can be less than ideal -- IMO -- on a hard drive install.
The page is here:
http://lucky13linux.wordpress.com/dsl-hard-drive-tweaks/
--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
|
.
DSL Market ,
Great VPS hosting provided by Tektonic
