Date: Sun, 17 Oct 1999 12:51:19 -0700 (PDT) From: "f.johan.beisser" <jan@caustic.org> To: Alex Charalabidis <alex@wnm.net> Cc: tom brown <tmcb1971@yahoo.com>, freebsd-security@FreeBSD.ORG Subject: Re: General securiy of vanilla install WAS [FreeSSH] Message-ID: <Pine.BSF.4.05.9910171231220.93538-100000@pogo.caustic.org> In-Reply-To: <Pine.BSI.4.05.9910162349330.14034-100000@earth.wnm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
-- on inetd -- actually, i think that most experienced freebsd folks would just vi /etc/rc.conf and add the line 'inetd_enable="NO"'. yes, there should be a simple option to have this enabled or disabled from /stand/sysinstall. perhaps a simple check menu for each of the services in a row.. and at the top something for the inetd? -- vanilla install security -- in general, disabling everything in a vanilla install might be counter productive for the average user, since most folks who install freebsd don't use it as a workstation. they tend to use it as a server (this is my own bias, since 80% of the FreeBSD boxen that i build are servers anyway), and need most of the services from the inetd. the first installs i do are: ssh (we have a happy tarball already made, and has all the configurations there), shells we might need, edit down the inetd.conf (or dissable it). it doesn't take me much more than 30 minutes per machine for specific installs, or about 15 minutes for a general install. on workstation installs, i dissable the inetd completely, then do the standard installs from there. X and such adds to the time it takes to get the install done. of course, this is just my stupid $0.02 worth on this. on another note, has anyone considered replacing sendmail in the base dist of FBSD? see ya all at the con, -- jan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9910171231220.93538-100000>