I support keeping any additional security on my default. I would alctually support having more security enabled by default in any cloud image since it is most likely sitting on top of an environment you don't directly manage (Amazon EC2).
Would it make more since to trigger an additional configuration dialog that would help with fine-grained configuration of the images security features. This could be a script based config triggered after Anaconda finished.
I know this would be yet another feature to develop and implement, but I would prefer to have a cloud image "locked down" as much as possible by default, but make it as simple as possible for a novice to disable features they may not need.
This is a good debate though.
Wilbur
On Wednesday, September 11, 2013, Dennis Gilmore wrote:
On Wednesday, September 11, 2013, Dennis Gilmore wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
El Tue, 10 Sep 2013 23:36:01 -0400 (EDT)
Sam Kottler <skottler@xxxxxxxxxx> escribió:
> Greetings,
>
> Given the deny-by-default nature of security groups I think it makes
> sense to disable firewalld in the AMI's. I haven't seen any other
> AMI's that have a firewall enabled by default and we probably
> shouldn't break that pattern IMO.
>
> Thoughts?
Lets not, for one the image in EC2 is exactly the same image we make
available for download in any and every cloud provider or for use on
your local machine with a suitable local metadata service provider.
use in EC2 is only a portion of the use of the image.
Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
iEYEARECAAYFAlIwre4ACgkQkSxm47BaWfd//wCfbqOfJn2M8CKjcHCiLRd+9TsR
YvoAnRDY4/1A5bCONiR+QlVyHIVNyFs0
=3Pzs
-----END PGP SIGNATURE-----
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
--
Wilbur K. Smith
_______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct