Date:      Wed, 15 Aug 2001 09:16:04 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        mixtim@mixtim.homeip.net
Cc:        security@freebsd.org
Subject:   Re: cvs commit: src/etc inetd.conf
Message-ID:  <3B7A8424.CBFF1F30@centtech.com>
References:  <20010815134852.B16184@zerogravity.kawo2.rwth-aachen.d> <59836.997879734@axl.seasidesoftware.co.za> <20010815100621.A5853@mixtim.homeip.net>

Here's the thing.  I thought that was a great idea - until I started
installing (ick) RedHat 7.1 on a few machines here at the office.  It
has everything closed off, so remote access is not possible off the hat
(ssh will work, but you have to add a local non-root user).  That's not
the biggest deal, I would much prefer to install FreeBSD and head back
to my desk down the hall and configure the rest there.  Plus, anyone
installing FreeBSD should have a good idea that they are installing an
OS that has many servers running, some possibly easy to hack.  I think
the best thing to do is leave the defaults how they are, but add a
sysinstall window that comes up after everything is installed, and show
the services enabled, allowing the installer to select/deselect services
to run at startup.  I definitely don't think it's a good idea to have it
so dumbed down that my grandmother could install it and feel safe on the
internet.  It isn't up to the programmers of the operating system to
protect the users of it.

Eric
my $.10 (inflation)

Mixtim wrote:
> 
> On Wed, Aug 15, 2001 at 02:48:54PM +0200, Sheldon Hearn wrote:
> > The only problem here is that FreeBSD could be seen as a system that
> > does nothing out of the box. :-)
> > This is not an unresolvable problem, it's just something that needs to
> > be considered.
> 
> I've installed FreeBSD on quite a few machines. Every install required
> tweaking configuration files and editing rc.conf. Since you do this
> every install anyway, why not disable every network service and make the
> administrator turn on what they really need?
> 
> I mean seriously... how many people actually use the default sendmail.cf
> file (for those who do use sendmail) for their network mail server?
> Nobody. You always end up having to edit the .mc file for one reason or
> another. While the admin is configuring sendmail he/she can just add the
> "-bd" flag back to the list of sendmail options. Not binding to port 25
> by default really doesn't hurt anyone and probably saves a few clueless
> admins from themselves. The same goes for the other network services.
> 
> Just my $.02
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
-------------------------------------------------------------------------------
Eric Anderson	 anderson@centtech.com    Centaur Technology    (512) 418-5792
Truth is more marvelous than mystery.
-------------------------------------------------------------------------------

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B7A8424.CBFF1F30>