Hi guys, On Tue, 22 Aug 2000, Thomas Biege wrote: ...
we don't sell a hyper-secure Linux, we sell a nearly complete and useable Linux. we have to go the small path between security and useablity, and in my opinion we do that very well.
...
Even at the university where I have installed some susis, I alwyas have to maually shut down all the irrelevant and dangerous services. Services
that's ok, because you know what's dangerous, but the unexperienced users just sees a not working system if we disable all services and remove all sbit's.
How about the users choosing at install-time, yast could (with a detailed info) ask for a secure-all-disabled or a insecure-all-working installation. By the way, why is /etc/perm.paranoid not addressable by yasts security prefs ?
Hrhr... 'secure by default' nice buzzwords. AFAIK /usr/bin isn't audited and neither all the ports are. It's 99% secure as long as you just use the
Nobody says if you turn of all unnecessary services the system is secure, but it is MORE secure than standard and at least a pc all the time linked up to the inet is not as vulnerable as before.
right, but it's also more unusable.
It seems to be hard enough to configure, take a look at the article in the actual c't (win2000<->SuSE linux). So if I have to read the man pages to config the server program, I can also uncomment the inetd.conf entry.
The experienced-power-ueber User uses vi or sed to edit the config-files and make their box secure.
thats true, but there are not only power users! The other way round would be better: experienced-ueber-drueber-power users can turn on all the services they need easily and fast!
we are not OpenBSD. (and that's good so)
Right. But a simple requestor in yast and some scripts exchanging default with secure configs should be sufficient to sattisfy the standard users wanting unlimited usability (nerds) and those wanting control. Michael Schmidt Icewolf PS: I see myself as a newby as a started with linux with SuSE 6.0 and I am no IT.