Date: Fri, 24 Mar 2000 08:42:10 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
To: Bob Johnson <bobj@atlantic.net>
Cc: Warner Losh <imp@village.org>, audit@freebsd.org
Subject: Re: Portmapper enabled, IPv6 circumvents FW
Message-ID: <Pine.NEB.3.96L.1000324083722.38246A-100000@fledge.watson.org>
In-Reply-To: <3.0.6.32.20000324003034.009ad530@rio.atlantic.net>

Another possibility would be a configuration choice during the install
that let you specify the ``openness'' of the initial inetd.conf. This
could be easily hacked up in the form of ``enable network services by
default?'' and just having two, or having sysinstall provide an actual
management interface. And especially on the IPv6 side, ``Do you wish to
enable IPv6 network services?'' where at least at first, there will not be
many consumers.

Presumably each of these choices, unlike today's install selections, would
come with a description of what the choice means. And without too many
double negatives. :-)

One reason that you might find objection to actually disabling telnet and
so on by default is a loss of functionality in the case of serial
installs, although that can be put down to a failure of sysinstall to
initially configure /etc/ttys correctly.

Robert

On Fri, 24 Mar 2000, Bob Johnson wrote:

> Please, please, please do it!
>
> It's bad enough that I have to keep begging people on our networks
> to turn off all network services as soon as they do an install.
>
> If Red Hat starts disabling them by default before FreeBSD does,
> I won't even be able to say "you should have used FreeBSD".
>
> -- Bob
>
> At 12:37 PM 03/23/2000 -0700, you wrote:
> >In message <v0422080cb5002170b286@[195.238.1.121]> Brad Knowles writes:
> >: I would like very much to see these patches get committed, so
> >: that the box tends to be secure by default out-of-the-box, and then
> >: you turn on the additional features you want/need.
> >
> >Eivind submitted them a while ago. I'll have to dust it off and see
> >about committing it.
> >
> >Warner
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-audit" in the body of the message
> >
>
> +--------------------------------------------------------
> | Bob Johnson
> | bobj@atlantic.net
> +--------------------------------------------------------
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-audit" in the body of the message
>

Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message