Mailinglist Archive: opensuse-security (601 mails)
Re: [suse-security] Secure By Default - PLEASE!
- From: Nix <nix@xxxxxxxxx>
- Date: Tue, 22 Aug 2000 14:12:49 +1000
- Message-id: <4.3.0.20000822140613.00b2cb00@xxxxxxxxxxxxxxxxx>
Kurt Seifried
> I love SuSE, and think it's the best Distro available, yet, a disabled by default
> policy would IMHO be the best thing SuSE could ever do.
> As far as I'm concerned the only thing that should be enabled by default is
> sshd and _that's_ even debatable.
> Face it, it's not going to make it any harder for your average desktop
> flunkie who wants to setup a kde box and browse the web. If they want
> to run a personal web server or ftp server then they _should_ know how
> to enable it from inetd.conf etc, or they should NOT be running the thing.
Prolly won't happen, as most users are more concerned about usability than
security (simple fact of life).
> I think the harden SuSE script, and SuSE firewall is brilliant, but half of the
> things harden_suse does should be _default_ not options available in an
> optional package in the sec series....
Shouldawouldcoulda but don't.
> PLEASE PLEASE make a few simple changes to the defaults to help make
> SuSE the most secure Mainstream linux distro out there in.
I think a solid middle ground would be to ship something like bastille-linux
(getting quite advanced especially with support from Mandrake), and really
strongly urge users to run it. If you want secure by default use OpenBSD,
personally I find a lot of issues with OpenBSD (no POP/IMAP server, they
have had several remote root holes in dhcpd client and ftp, but they claim
these are not "default"...).
Bah.. OpenBSD gets up my nose... almost as much as OpenBSD users do.
Elitist bunch of F&*K&^R&. I have installed OBSD a few times and use it when
I have to.... I think SuSE does it the _correct_ way, they have the stuff there
with all the config files, you just need to uncomment the bit you want.
I just want a few more services disabled by default is all. I'd even settle for having things
like apache running, just, please comment out more things in inetd.conf!!!!!
Cheers
Peter Nixon
Senior Security Consultant
IT Audit & Consulting (ITAC) Pty Ltd
http://www.itaudit.com.au
mailto:petern@xxxxxxxxxxxxxx
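
The "comment out more things in inetd.conf" request above, as an added example that is not part of the original message or of any SuSE tooling: a small audit that lists which inetd services are active and comments out everything not on an explicit allowlist. The sample file contents and the allowlist are constructed for illustration, and the parser assumes the classic seven-field inetd.conf layout.

```python
"""Audit an inetd.conf and comment out every service not explicitly allowed."""

# Constructed sample for illustration; not taken from any SuSE release.
SAMPLE = """\
# inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd -L
time    stream  tcp     nowait  root    internal
time    dgram   udp     wait    root    internal
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd -w
"""

SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}


def parse_entry(line):
    """Return (service, protocol, user, server) for an active entry, else None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None  # blank line, prose comment, or already-disabled service
    f = stripped.split()
    # Fields: service socket_type protocol wait[.max] user[.group] server [args]
    if len(f) < 6 or f[1] not in SOCKET_TYPES:
        return None  # not a recognisable service line; leave it alone
    return f[0], f[2], f[4].split(".")[0], f[5]


def enabled_services(text):
    """List every service inetd would currently start from this config."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def disable_unlisted(text, allow=frozenset()):
    """Comment out active entries whose service name is not in `allow`."""
    out, disabled = [], []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and entry[0] not in allow:
            disabled.append(f"{entry[0]}/{entry[1]}")
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n", disabled


if __name__ == "__main__":
    for svc, proto, user, server in enabled_services(SAMPLE):
        print(f"enabled: {svc}/{proto} as {user} via {server}")
    hardened, disabled = disable_unlisted(SAMPLE, allow={"ftp"})
    print("disabled:", ", ".join(disabled))
    print(hardened, end="")
```

inetd only re-reads its configuration on SIGHUP, so a rewritten file takes effect after the daemon is signalled or restarted.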