- Posted In
- Red Hat Enterprise Linux
In general it would be great if the default config files shipped with many common services avialable in RHEL such as mysql (innodb and myisam), samba, httpd, networking, etc. included more in-line documentation and examples for common use-cases with recommendations for tunables. Many daemons have very little in their default config which makes it difficult to see what the defaults are and many have tunables that are by default not set appropriately for the most common use cases. Often these are not easily discoverable until diving deeply into the application. The squid default config is one example of how to include documentation of all available config options in the default file where they are discoverable, there may be more succinct ways of doing it.
- template network config with all the options that the network scripts know about such as vlans, bonding, IPv6, etc. Many options are poorly documented or discoverable without reading through all the scripts which implement network startup
- mysql config which has all the available tunables listed and documented with defaults for common configs such as a primarliy myisam or innodb on systems of various resources. there are some defaults in /usr/share/doc but it is not clear that they are authoritative or complete
- samba configs for being a member of a win2k8r2, win2k3, etc. domain or for being standalone or for working with linux/cifs clients. The default config is not clear that it has all the correct options set, many default values are no longer appropriate on modern systems and relate to interoperation with win9x, winnt, win2k which are now rare.
- httpd with most modules turned off by default and only enabled by admin as a basic security hardening measure. apply some recommendations from the center for internet security, NSA, etc. to the default configs.
If replacing the upstream vendor default configs is too much of a departure from current practice then it would still be beneficial to include recommended configs in /usr/share/doc that include all the best practices and recommenations from the developer and experts in the field.