You are kidding me, right? I like a secure box, but what you are asking for is to turn off all services by default, and that would throw even a professional off, and especially a newbie. They would never get this thing running unless SuSE ramped up their utility and gave you a way to toggle everything. I never have been able to get X11 forwarding with ssh working under SuSE 5.3-7.1 and I can't ever figure out why, because I figure SuSE turned this service off by default but left me to figure out how to turn it back on. It's a mess when they do that. And yes, the machine runs a firewall and I still can't get it to go. If we do what you suggest, I propose I have the same problem with other services as well. One would have to know each single service in detail to get it.
mk
From: Gideon Hallett
Reply-To: diogenes@freeuk.com
To: StarTux, Keith Gibbons
CC: SuSE Linux
Subject: Re: [SLE] 7.2 --- excellent
Date: Thu, 21 Jun 2001 23:27:36 +0100

On Thursday 21 June 2001 20:37, StarTux wrote:
I agree...
And it was not that small of an upgrade. Did my server last night, took less than an hour to do the upgrade of 477 packages. It came right up on-line after the upgrade :-).
While my feelings about 7.2 are generally very positive, I have to say that's one thing I really didn't like; the fact that it *did* come straight up online. I'm attached to a cable modem; if I were a newbie user, I'd be unprepared for the big wide world. And while the SuSE firewall is OK, it's based on ipchains, which is (IMO) not a patch on iptables.
(I know that SuSEfirewall2 will be iptables-based, but it seems a little odd to be relying on ipchains while using a 2.4 kernel; especially given that iptables is not hard to include during the install; the manuals don't (AFAIR) mention it.)
Apart from all else, I think there's something to be said for keeping things *firmly* closed until the user has RTFM enough to run a safe 'net connection.
Firstly, it means that they aren't going to have ports open everywhere (which is a Good Thing); and secondly, it will get them into the habit of looking at the manuals as a way of obtaining instruction (which is also a Good Thing).
I know that there is a lot to be said for giving a new user a gentle introduction; but if this gives them a false sense of security, then they are likely to get 0wn3d. And a number of them will probably blame the software (because *they* didn't bone up on essential survival skills).
I don't know; I think my own personal idea of a good introduction would be a banner saying "Your net connection won't work until you go to page X of the manual and follow the procedures - oh, and if you want vaguely secure data, read all the rest of the section as well".
This might be a bit of a bondage-and-discipline way of doing things, but people *really* need to realize that security is their own responsibility.
I've picked up no fewer than 51 dubious packets in the last 12 hours. Most of them were aimed at Windows-specific or high-numbered ports or 1080; but now and then you get people trying to connect to 512-514 or 21 - ports that a lot of newbies might not defend adequately - and they wouldn't know without checking /var/log/messages.
(Though, credit to SuSE for their section on security in the Networking section of the 7.2 manual; it's much-needed.)
We don't have black-box software 'firewalls' in the Linux community - while this is a damn good thing, we need to make sure that the free and open tools get *used* - and that the users are aware of their strengths and shortcomings from the start.
Gideon Hallett.
(Oh; btw, has anyone managed to get freedb submissions working with kscd yet? - for whatever reason, it only ever allows me to choose the Default profile; and my ISP really doesn't like that, as well as using ESMTP by default.)
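Added example, not part of the original thread: a small tally of the blocked packets Gideon describes finding in /var/log/messages, grouped by destination port. It assumes the kernel's ipchains "Packet log:" line format; the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Kernel log line written when a packet hits an ipchains rule that has -l set.
PACKET_RE = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) ")

# Ports the post singles out: SOCKS, the r-services (512-514) and FTP.
WATCHED = {1080: "socks", 512: "exec", 513: "login", 514: "shell", 21: "ftp"}

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jun 21 10:02:11 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4021 192.0.2.10:1080 L=48 S=0x00 I=5123 F=0x4000 T=112 SYN (#7)
Jun 21 10:05:40 box kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.23:1033 192.0.2.10:21 L=60 S=0x00 I=811 F=0x4000 T=50 SYN (#7)
Jun 21 10:05:41 box kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.23:1034 192.0.2.10:21 L=60 S=0x00 I=812 F=0x4000 T=50 SYN (#7)
Jun 21 11:17:02 box kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.50:137 192.0.2.10:137 L=78 S=0x00 I=9001 F=0x0000 T=110 (#7)
Jun 21 11:30:09 box kernel: Packet log: input DENY eth0 PROTO=1 203.0.113.9:8 192.0.2.10:0 L=84 S=0x00 I=77 F=0x0000 T=49 (#7)
Jun 21 12:44:55 box kernel: Packet log: input REJECT eth0 PROTO=6 198.51.100.77:1022 192.0.2.10:514 L=60 S=0x00 I=400 F=0x4000 T=52 SYN (#5)
Jun 21 12:45:00 box sshd[412]: Connection from 198.51.100.77 port 1022
Jun 21 12:50:13 box kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.1:3000 192.0.2.10:22 L=60 S=0x00 I=41 F=0x4000 T=64 SYN (#2)
"""

def summarize(log_text):
    """Count blocked TCP/UDP packets per destination port, with their sources."""
    by_port, sources = Counter(), {}
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if not m or m["action"] not in ("DENY", "REJECT"):
            continue  # not an ipchains line, or the packet was let through
        if m["proto"] not in ("6", "17"):
            continue  # for ICMP the "port" fields hold type and code, not ports
        port = int(m["dport"])
        by_port[port] += 1
        sources.setdefault(port, set()).add(m["src"])
    return by_port, sources

def watched_hits(log_text):
    """Return {service: (count, sorted sources)} for the ports in WATCHED."""
    by_port, sources = summarize(log_text)
    return {WATCHED[p]: (n, sorted(sources[p]))
            for p, n in by_port.items() if p in WATCHED}

if __name__ == "__main__":
    for service, (count, srcs) in watched_hits(SAMPLE_LOG).items():
        print(f"{service}: {count} blocked packet(s) from {', '.join(srcs)}")
```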
On Thursday 21 June 2001 23:11, Purple Shirt wrote:
I never have been able to get X11 forwarding with ssh working under SuSE 5.3-7.1 and I can't ever figure out why because I figure SuSE turned
Did you uncomment the line X11 Forward yes in /etc/ssh/ssh_config?
Hope it helps,
Alvaro Novo
SuSE 7.1 -=- Kernel 2.4.2-4GB -=- KDE 2.1.1
11:40pm up 7 days, 12:26, 4 users, load average: 0.06, 0.11, 0.11
On Thu, Jun 21, 2001 at 11:41:10PM -0500, Álvaro A. Novo wrote:
On Thursday 21 June 2001 23:11, Purple Shirt wrote:
I never have been able to get X11 forwarding with ssh working under SuSE 5.3-7.1 and I can't ever figure out why because I figure SuSE turned
Did you uncomment the line X11 Forward yes in /etc/ssh/ssh_config?
There is also -X option to the ssh client...
-Kastus
Hope it helps,
Alvaro Novo
SuSE 7.1 -=- Kernel 2.4.2-4GB -=- KDE 2.1.1
11:40pm up 7 days, 12:26, 4 users, load average: 0.06, 0.11, 0.11