From owner-freebsd-security  Wed Aug 15  7: 6:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mixtim.homeip.net (cg392862-a.adubn1.nj.home.com [65.2.79.221])
	by hub.freebsd.org (Postfix) with ESMTP id E2B9037B405
	for <security@freebsd.org>; Wed, 15 Aug 2001 07:06:21 -0700 (PDT)
	(envelope-from michael@mixtim.homeip.net)
Received: by mixtim.homeip.net (Postfix, from userid 1000)
	id 3992498D7; Wed, 15 Aug 2001 10:06:21 -0400 (EDT)
Date: Wed, 15 Aug 2001 10:06:21 -0400
From: Mixtim <mixtim@mixtim.homeip.net>
To: security@freebsd.org
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <20010815100621.A5853@mixtim.homeip.net>
Reply-To: mixtim@mixtim.homeip.net
References: <20010815134852.B16184@zerogravity.kawo2.rwth-aachen.d> <59836.997879734@axl.seasidesoftware.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <59836.997879734@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Wed, Aug 15, 2001 at 02:48:54PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Aug 15, 2001 at 02:48:54PM +0200, Sheldon Hearn wrote:
> The only problem here is that FreeBSD could be seen as a system that
> does nothing out of the box. :-)
> This is not an unresolvable problem, it's just something that needs to
> be considered.

I've installed FreeBSD on quite a few machines. Every install required
tweaking configuration files and editing rc.conf. Since you do this
every install anyway, why not disable every network service and make the
administrator turn on what they really need?

I mean seriously... how many people actually use the default sendmail.cf
file (for those who do use sendmail) for their network mail server?
Nobody. You always end up having to edit the .mc file for one reason or
another. While the admin is configuring sendmail he/she can just add the
"-bd" flag back to the list of sendmail options. Not binding to port 25
by default really doesn't hurt anyone and probably saves a few clueless
admins from themselves. The same goes for the other network services.

Just my $.02

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message