From owner-freebsd-security Thu Aug 12 21:25:50 1999 Delivered-To: freebsd-security@freebsd.org Received: from garlic.acadiau.ca (garlic.acadiau.ca [131.162.2.48]) by hub.freebsd.org (Postfix) with ESMTP id 22DA614C3B for ; Thu, 12 Aug 1999 21:25:39 -0700 (PDT) (envelope-from 026809r@dragon.acadiau.ca) Received: from dragon (dragon.acadiau.ca [131.162.200.56]) by garlic.acadiau.ca (8.8.5/8.8.5) with ESMTP id BAA22673; Fri, 13 Aug 1999 01:24:55 -0300 (ADT) Date: Fri, 13 Aug 1999 01:24:54 -0300 (ADT) From: Michael Richards <026809r@dragon.acadiau.ca> X-Sender: 026809r@dragon To: "Mikhail A. Sokolov" Cc: Tom Brown , "'freebsd-security@freebsd.org'" Subject: Re: "Secure-FreeBSD" Idea In-Reply-To: <19990813031813.A94114@demos.su> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 13 Aug 1999, Mikhail A. Sokolov wrote: > On Thu, Aug 12, 1999 at 09:52:48AM -0700, Tom Brown wrote: > # HI, > # > # Now realistically all this would have to be is a really anal installation process, forcing the user to positively select services such as ftp,telnet, sendmail etc. So if you don't select anything, you can't much. It would also have carefully set UMASKS and probably come with some easy way to get the user to set-up tripwire and ipfw for example. > # > # I suspect that most of the readers of this list spend a fair amount of time going through the same laborious process of tying down each server they built. How about we pools this vast collection of procedures together and try to build some kind of a security release. We all know (well at least I hope we do!) what a solid O/S FreeBSD is, wouldn't this be the ideal opportunity, to push the OS further into the public eye? > > Robert Watson has some tools, which are supposed to be bringing standard > system install to somewhat more secure state, it was under the idea > of 'the freebsd hardening project'. I guess he reads this list and could > comment, actually. I was toying with this idea too. People often say when comparing FreeBSD and linux that "FreeBSD is harder to install." Although I don't agree with that statement, I had to take note on how easy my install of BeOS went. Basically I popped the CD in, selected the partition and hit install. It whirled rebooted and presto, I was running Be. How about presenting the user with a few choices: a) web server b) POP server c) firewall ... etc. Then automagically do up a complete whatever install. This way, joe in the office gets pissed with NT and iis, he can sit down and have a fully running web server in 15 minutes and a few keystrokes. Who says it's easy to install NT and iis because it's all GUI? I believe it's just as easy to do without all kinds of graphic animated bloat. -Michael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message