Mailinglist Archive: opensuse-security (601 mails)
| < Previous | Next > |
Re: [suse-security] Secure By Default - PLEASE!
- From: Steffen Dettmer <steffen@xxxxxxx>
- Date: Tue, 22 Aug 2000 10:36:06 +0200
- Message-id: <20000822103606.B4594@xxxxxxxxx>
* Norbert Preining wrote on Tue, Aug 22, 2000 at 09:20 +0200:
> On Tue, 22 Aug 2000, Thomas Biege wrote:
> > If people use the tools we deliver with SuSE + their brains (note: we
> > don't ship brains with SuSE), then they could get a very secure system
> > within a short time of work.
>
> This is NOT a good idea. Either the default install (and the default
> install for most people is `ALL') enables all the services, which IS
> crazy! No idea why identd, and similar have to run on a dialin machine?
I think, if you're a more experienced user, you will have no
problem with disabling services. If you have a lot of machines,
the just generate a patch (or patch-set), and a little script
that uses SSH to patch or somethink similar, you know.
If you're a "newbee" you probably want to take just a look.
newbees don't know how to disable services (this is not linux
specific, and a GUI frontend won't help; see i.e. NT: most boxes
have unused services). They just want features.
To explain a newbee how to enable a service could take serveral
minutes for the hotline. An experienced user isn't needing such
help.
For me the default config does not matter very much. Patch is
installed anyway, so it takes some seconds to get a new config :)
IMHO.
oki,
Steffen
--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
> On Tue, 22 Aug 2000, Thomas Biege wrote:
> > If people use the tools we deliver with SuSE + their brains (note: we
> > don't ship brains with SuSE), then they could get a very secure system
> > within a short time of work.
>
> This is NOT a good idea. Either the default install (and the default
> install for most people is `ALL') enables all the services, which IS
> crazy! No idea why identd, and similar have to run on a dialin machine?
I think, if you're a more experienced user, you will have no
problem with disabling services. If you have a lot of machines,
the just generate a patch (or patch-set), and a little script
that uses SSH to patch or somethink similar, you know.
If you're a "newbee" you probably want to take just a look.
newbees don't know how to disable services (this is not linux
specific, and a GUI frontend won't help; see i.e. NT: most boxes
have unused services). They just want features.
To explain a newbee how to enable a service could take serveral
minutes for the hotline. An experienced user isn't needing such
help.
For me the default config does not matter very much. Patch is
installed anyway, so it takes some seconds to get a new config :)
IMHO.
oki,
Steffen
--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.
| < Previous | Next > |