From: Brian Somers
Date: Wed, 15 Aug 2001 20:40:51 +0100
To: Robert Watson
Cc: Gavin Grabias, security@FreeBSD.ORG, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: Message from Robert Watson of "Wed, 15 Aug 2001 15:32:57 EDT."
Message-Id: <200108151940.f7FJepc73604@hak.lan.Awfulhak.org>

> On Wed, 15 Aug 2001, Gavin Grabias wrote:
>
> > > Good point, but that's a little different. Warning those who care
> > > (subscribers of the list) about security advisories is MUCH different
> > > than making the OS mute because a percentage of the installers can't
> > > figure out (or don't know that they SHOULD figure out) how to turn off
> > > sendmail, telnet, etc. It just won't save the experienced users any
> > > time to have them disabled, and it won't stop the 'clueless' from being
> > > just that.
> >
> > Security is starting to sound like a bug instead of a feature for
> > FreeBSD. We are arguing about whether users can use a text editor to
> > edit their inetd.conf. The secure approach would be to disable all
> > services by default. If the user wants "features" make him/her read
> > about them and educate themselves. Then they can make the decision as
> > to whether they want the service enabled.
>
> This is what FreeBSD 4.4 does with the inetd network services. There's an
> on-going debate about how best to handle this WRT sendmail, as local mail
> delivery is required for some internal base system functionality (vi
> recovery files, cron'd events, etc).

I don't intend to advocate that sendmail be turned off, but it *is*
possible to add

    daily_output=/var/log/daily.log
    weekly_output=/var/log/weekly.log
    monthly_output=/var/log/monthly.log

to /etc/periodic.conf to avoid the periodic mails....

> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org NAI Labs, Safeport Network Services

--
Brian http://www.freebsd-services.com/
Don't _EVER_ lose your sense of humour !