Date: Fri, 22 Sep 2000 02:12:07 -0500
From: Dave McKay
To: Brett Glass
Cc: Wes Peters, nbm@mithrandr.moria.org, security@freebsd.org
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
Message-ID: <20000922021207.A90466@elvis.mu.org>

Brett Glass (brett@lariat.org) wrote:

*snip*

> Telnet is dangerous and should be disabled now that SSH is in common use
> and is not encumbered by patents. sshd should be on unless the user
> asks for it not to be. (He or she should still be asked.)

SSH is in common use? It is still third party on Linux and Windows, and
Solaris. Telnet *IS* however installed by default on every major OS I can
think of.

> I wind up spending hours agonizing over the configuration of every
> FreeBSD install I do, because I have to turn off many of the defaults
> which could potentially compromise security or waste resources. This is not healthy.
Editing /etc/inetd.conf and /etc/rc.conf shouldn't take one hours, this
sounds like a personal problem.

> >They rely on firewalls, prayer, or
> >abject cluelessness to secure their systems, and that's just fine.
>
> Windows users do that. FreeBSD users should have it better.

uhm.. can't find the words..

> >Have you considered using OpenBSD? It does install with a more secure (i.e.
> >"doesn't work for most people") configuration out of the box.
>
> I have not only considered it -- I've used it quite a bit. On the table
> next to me are machines with the latest releases of FreeBSD, NetBSD,
> and OpenBSD.

You'll have to forgive me, I don't subscribe to the netbsd or openbsd
lists, but do you suggest these ideas to *BSD? If everyone in the world
was strawberry then no one would taste good.

--
Dave McKay
Network Engineer - Google Inc.
dave@mu.org - dave@sneakerz.org