From owner-freebsd-security Fri Sep 22 11:22:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id CEBF237B423 for ; Fri, 22 Sep 2000 11:22:23 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA08791; Fri, 22 Sep 2000 12:22:08 -0600 (MDT) Message-Id: <4.3.2.7.2.20000922121808.00c7cc30@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 22 Sep 2000 12:22:00 -0600 To: Drew Derbyshire , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! In-Reply-To: <39CB4C42.1A59669C@kew.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 06:10 AM 9/22/2000, Drew Derbyshire wrote: >Most people also want a secure system. Don't even get me started about >rlogin/rsh being on by default in /etc/inetd.conf. That's a change that should be committed YESTERDAY. All in favor? >IMHO, many people wouldn't know NFS if it bit them in the nose. I think you are correct. >If an NFS startup is enabled and the associated required portmap server is >not, then a improved RC script can override the setting and start portmap >automatically (with a suitable nasty warning to console and/or log). >Turning in portmap by default because someone MAY want NFS is not suitable. Agree. >Like others, I would prefer mail was left disabled or prompted for: > > 1. Mail running behind a firewall normally has to be reconfigured to work > properly to see the enterprise mail relay. > 2. Mail running on a firewall normally has be reconfigured to work > properly to allow mail from the machines behind it. Ironically, these are some of the very things that Sendmail.com uses to add value to its commercial version of Sendmail. They provide Web-based forms to help set things like this up. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message