I must disagree with your statistics. I hardly think that 99% of users that have been using a GNU/Linux system for at or around 2 years does not know anything about system configuration. The first thing I discovered when I booted my first SuSE install was that squid was grinding up my HDD and the "default install" had loaded all this crap on there ;) Anyhow, I prefer to configure the programs themselves, but under something like SuSE or any other commercial distrib, they supply tools such as YaST to easily configure your system, even if editing a self-documented file is a bit too much for someone. I do agree that many users only know vague details of system internals, but I hardly consider basic system configuration to be reserved only for GNU/Linux experts. As far as I remember, YaST was made fairly accessable through SuSE's default interface that they adapt to the various windowmanagers. Mayhaps the GUI interface part can be made easier for the end user? Robert_Helmer http://robert.namodn.com Hartmut Gerlicher wrote:
Anyway, you should always disable EVERY daemon until you know exactly what it does and how to configure.
Now, there are two ways to go: a) If you don't install a daemon that you don't know it won't be enabled by default/yast. It's much better to read the man page first -and install a daemon if it is needed. b) If you choose a standard installation with various daemons check your /etc/inetd.conf, disable all unknown daemons (that are enabled by yast) and edit your configuration file (in that you can disable those daemons).
No problem to do this for somebody who knows Linux well. But even userers who are using Linux now for more than 2 years do not know a lot about the interns and the relatet security-risks. 99% of them do not know "Know Your Enemy" and 99% of them use some "Standard-Installation". And they aren´t that able to edit conf and rc scripts.
(BTW: for nscd there seems to be no manpage/documentation. And I do not remember beeing asked at installation if I want to install nscd or not.)
Hartmut
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com