After the above work is complete, we will install the software package. In general, Linux can provide powerful services, but these services are not all necessary, and some may cause security risks. We only need the necessary items, that is, the software package. By selecting the "Select individual package", you can Select or not to Select a separate software package during subsequent installation.
We have installed LINUX machines without a graphical interface. Installing the linux gui on the server means higher security performance, less CPU time, and less memory, for more processing capabilities, we can select the following software package for installation:
◆ Networked Workstation
◆ Network Management Workstation
◆ Utilities
Next, we should select a single software package.) install the program to list the available software package groups. Each Software Package group contains independent software, and some software is listed below, do not install these software because of security issues:
Applications/Archiving: dump Applications/file: git Applications/Internet: finger, ftp, fwhois, ncftp, rsh, rsync, talk, telnet Applications/Publishing: ghosts cript, ghosts cript-fonts, mpage, rhs-printfilters Applications/System: arpwatch, bind-utils, knfsd-clients, procinfo, rdate, rdist, screen, ucd-snmp-utils Documentation: indexhtml System Environment/Base: chkfontpath, yp-tools System Environment/Daemons: XFree86-xfs, lpr, pidentd, portmap, routed, rusers, rwho, tftp, ucd-snmp, ypbind System Environment/Libraries: XFree86-libs, libpng User Interface/X: XFree86-75dpi-fonts, urw-fonts |
I will explain why not install these software:
Applications/Archiving:
The dump package includes the dump and restore programs. Dump is used to check files in the file system to determine which backups are required, and then copy these files to disks, tapes, or other media. It is unnecessary for us to implement it in other ways;
Applications/File:
GIT can browse the file system, view text files or binary files, view or stop processes, and include other tools and SHELL scripts, which are not necessary;
Applications/Internet:
FINGER, FTP, TELENT, FWHOIS, and ncftp are absolute security risks for servers. Intruders can use these software to HACK servers and query and log on to other servers, so do not;
Applications/Publishing:
Ghosts interpreter is a set of software, including: Posts interpreter (tm) interpreter, C language function library ghosts interpreter function library implements the graphics * for the Posts interpreter language) and PDF file interpreter. Ghosts internal font is a number of Posts internal (tm) fonts, which are used by the ghosts internal interpreter. These fonts are also shared by ghosts fonts and X11 fonts. Mpage outputs plain text files and Posts profiles (tm) files to the Posts profiles printer, which can print more than one page of content on a piece of paper. Generally, no printer is installed on the server, so this is unnecessary ).
Rhs-printfilter includes a set of print drivers, which are mainly used in combination with the RedHat pinttool. These are generally unnecessary for servers.
Applications/System:
Arpwatch includes two programs: arpwatch and arpsnmp, both of which are network monitoring programs and are used to monitor network traffic between Ethernet and FDDI and establish a database between the ethernet address and IP address, if the relationship between the two time changes, it will be reported by EMAIL. No)
Dind-utils is used to query DNS servers to obtain information about hosts on the Internet. We can do it by ourselves)
Knfsd-clients includes the showmount program, which is used to query the mount daemon of a remote host to obtain NFS information security risks on the remote host)
The procinfo command can obtain system information from the/proc directory and display it in a proper format on the standard output. We can use other methods)
According to RFC 868, rdate can obtain date and time information from other computers in the network. Security risks)
The rdist Program maintains multiple copies of the same files on multiple hosts. If possible, rdist retains the file's owner, group, mode, and mtime attributes, and it can dynamically update running programs. Security risks)
Ucd-snmp includes a variety of utilities for UCD-SNMP network management. Security risks are not necessary)
The screen tool allows you to log on to a terminal multiple times at the same time. Screen is useful for users who use telnet to log on to a remote server or use a dumb terminal. No)
Documentation:
Indexhtml includes some HTML files and some images. After you successfully install RedHat Linux, it serves as a welcome page for your browser. As a server, there is no need)
System Environment/Base:
Chkfontpath is a simple command line program used to add, delete, and list the font paths of X Windows. No)
NIS provides network information for all computers on the network, such as Logon Name, password, home directory, and group information. Security risks)