Mailinglist Archive: opensuse-security (601 mails)
| < Previous | Next > |
Re: [suse-security] Secure By Default - PLEASE!
- From: Thomas Biege <thomas@xxxxxxx>
- Date: Tue, 22 Aug 2000 08:30:10 +0200 (CEST)
- Message-id: <Pine.LNX.4.21.0008220815470.15449-100000@xxxxxxxxxxxxxx>
Hi,
> > PLEASE PLEASE make a few simple changes to the defaults to help make
> > SuSE the most secure Mainstream linux distro out there in.
>
> I think a solid middle ground would be to ship something like bastille-linux
> (getting quite advanced especially with support from Mandrake), and really
If people use the tools we deliver with SuSE + their brains (note: we
don't ship brains with SuSE), then they could get a very secure system
within a short time of work.
> strongly urge users to run it. If you want secure by default use OpenBSD,
> personally I find a lot of issues with OpenBSD (no POP/IMAP server, they
> have had several remote root holes in dhcpd client and ftp, but they claim
> these are not "default"...).
Hrhr... 'secure by default' nice buzzwords. AFAIK /usr/bin isn't audited
and neither all the ports are. It's 99% secure as long as you just use the
default install but then it's not a very productive system; third party
software is as buggy as the stuff on FreeBSD or Linux or whatever.
I like, use and support OpenBSD, but it's not a modern unix. And will
never be, because the man power is missing.
SuSE 7.0 hast a YaST2 module, that allows the not-so-experienced User to
modify /etc/inetd.conf in a easy way, to shut inetd off (even YaST1 ask
for this) or to use a default /etc/inetd.conf.
In future more security modules will be added to YaST2.
The experienced-power-ueber User uses vi or sed to edit the config-files
and make their box secure.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@xxxxxxx Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
> > PLEASE PLEASE make a few simple changes to the defaults to help make
> > SuSE the most secure Mainstream linux distro out there in.
>
> I think a solid middle ground would be to ship something like bastille-linux
> (getting quite advanced especially with support from Mandrake), and really
If people use the tools we deliver with SuSE + their brains (note: we
don't ship brains with SuSE), then they could get a very secure system
within a short time of work.
> strongly urge users to run it. If you want secure by default use OpenBSD,
> personally I find a lot of issues with OpenBSD (no POP/IMAP server, they
> have had several remote root holes in dhcpd client and ftp, but they claim
> these are not "default"...).
Hrhr... 'secure by default' nice buzzwords. AFAIK /usr/bin isn't audited
and neither all the ports are. It's 99% secure as long as you just use the
default install but then it's not a very productive system; third party
software is as buggy as the stuff on FreeBSD or Linux or whatever.
I like, use and support OpenBSD, but it's not a modern unix. And will
never be, because the man power is missing.
SuSE 7.0 hast a YaST2 module, that allows the not-so-experienced User to
modify /etc/inetd.conf in a easy way, to shut inetd off (even YaST1 ask
for this) or to use a default /etc/inetd.conf.
In future more security modules will be added to YaST2.
The experienced-power-ueber User uses vi or sed to edit the config-files
and make their box secure.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@xxxxxxx Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
| < Previous | Next > |