Date: Fri, 16 Jul 1999 12:49:02 GMT From: mike@sentex.net (Mike Tancsa) To: gill@topsecret.net ("James Gill") Cc: questions@freebsd.org Subject: Re: is having the ports secure? Message-ID: <378f29a4.318030864@mail.sentex.net> In-Reply-To: <MAILNDBBJDFMIMOCFNNCEKADAEBDCJAA.gill@topsecret.net> References: <MAILNDBBJDFMIMOCFNNCEKADAEBDCJAA.gill@topsecret.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14 Jul 1999 23:46:57 -0400, in sentex.lists.freebsd.questions you wrote: > >Hi.. > >If i'm trying to make a secure installation (for example a firewall box) >that will run only a finite set of services (NAT, firewalling, DNS, and not >very much else), wouldn't it be better (more secure) to not install the >whole ports collection but only the specific ports for the services I want? >Aside from the (forty?) megabytes I would save on the already pretty small >disk. > >Am I on the right track here? It should not make a difference, as installing the ports tree only gives you the make files. There are no setuid apps in there. As for installing only what you need, absolutely. You can probably not run any of inetd, since all you want is probably sshd to remotely admin the box, and then limit access to port 22 on the source IP you would be coming from. ---Mike Mike Tancsa (mdtancsa@sentex.net) Sentex Communications Corp, Waterloo, Ontario, Canada "Who is this 'BSD', and why should we free him?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?378f29a4.318030864>