If people use the tools we deliver with SuSE + their brains (note: we don't ship brains with SuSE), then they could get a very secure system within a short time of work.
In some installations you might find IT-experts with lots of brains, but a lack of security-related experience. Developers do not have time to listen to security advice. But they set up their test/development/something servers in their domain, holes wide open _not_ shut. Distributions could improve the situation by default.
Hrhr... 'secure by default' nice buzzwords. AFAIK /usr/bin isn't audited and neither are all the ports. It's 99% secure as long as you just use the default install but then it's not a very productive system; third party software is as buggy as the stuff on FreeBSD or Linux or whatever.
I like, use and support OpenBSD, but it's not a modern unix. And will never be, because the manpower is missing.
SuSE 7.0 has a YaST2 module that allows the not-so-experienced user to modify /etc/inetd.conf in an easy way, to shut inetd off (even YaST1 asks for this) or to use a default /etc/inetd.conf. In future more security modules will be added to YaST2.
And it could be a forerunner by disabling various services by default. SMTP-relaying, IP-forwarding, ... are already disabled by default.
Bye, Thomas --
Rainer