Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 16 Jul 1999 12:49:02 GMT
From:      mike@sentex.net (Mike Tancsa)
To:        gill@topsecret.net ("James Gill")
Cc:        questions@freebsd.org
Subject:   Re: is having the ports secure?
Message-ID:  <378f29a4.318030864@mail.sentex.net>
In-Reply-To: <MAILNDBBJDFMIMOCFNNCEKADAEBDCJAA.gill@topsecret.net>
References:  <MAILNDBBJDFMIMOCFNNCEKADAEBDCJAA.gill@topsecret.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 14 Jul 1999 23:46:57 -0400, in sentex.lists.freebsd.questions you wrote:

>
>Hi..
>
>If i'm trying to make a secure installation (for example a firewall box)
>that will run only a finite set of services (NAT, firewalling, DNS, and not
>very much else), wouldn't it be better (more secure) to not install the
>whole ports collection but only the specific ports for the services I want?
>Aside from the (forty?) megabytes I would save on the already pretty small
>disk.
>
>Am I on the right track here?

It should not make a difference, as installing the ports tree only gives
you the make files. There are no setuid apps in there.  As for installing
only what you need, absolutely.  You can probably not run any of inetd,
since all you want is probably sshd to remotely admin the box, and then
limit access to port 22 on the source IP you would be coming from.

	---Mike
Mike Tancsa  (mdtancsa@sentex.net)		
Sentex Communications Corp,   		
Waterloo, Ontario, Canada
"Who is this 'BSD', and why should we free him?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?378f29a4.318030864>