hi

as far as the yast thing is concerned, if i don't know linux well, and i'm a newbie, i'm not concerned as to what's there in inetd.conf. i feel the developers or the packagers must think that the people who use it are idiots ( not me !) and target them. if not, attracting new people to linux is very difficult. why should people change anything in yast when they don't know what it stands for ? sorry to bring M$ here, but that's what they do, and that's what general users like, maybe not programmers like me.

for instance, if you are using a linux box for home use, with DUN, what is the use of ftp, telnet, imap, pop3 ? the main point is why keep them enabled ? if u are not using for home use, and u are an administrator, then u *ought* to know how to enable them. if you are a _dumb_ one, then the least good thing that can happen is to send a mail to root ( as it is being done for other things ) to inform the root that firewalls have closed down such and such ports, such and such service is disabled, if you are worth ur name then enable it ! in both cases, it will be secure.

but why such a big issue. why not put in a simple script at the end of phase II of installation ( i only know how 6.3 does) just before the root login ? i'm sure it'll be much appreciated and if it really happens, i'll be one of the first to do so.

regards
cheedu

On Tue, 22 Aug 2000, Thomas Biege wrote:
Hi,
PLEASE PLEASE make a few simple changes to the defaults to help make SuSE the most secure Mainstream linux distro out there in.
I think a solid middle ground would be to ship something like bastille-linux (getting quite advanced especially with support from Mandrake), and really
If people use the tools we deliver with SuSE + their brains (note: we don't ship brains with SuSE), then they could get a very secure system within a short time of work.
strongly urge users to run it. If you want secure by default use OpenBSD, personally I find a lot of issues with OpenBSD (no POP/IMAP server, they have had several remote root holes in dhcpd client and ftp, but they claim these are not "default"...).
Hrhr... 'secure by default' nice buzzwords. AFAIK /usr/bin isn't audited and neither all the ports are. It's 99% secure as long as you just use the default install but then it's not a very productive system; third party software is as buggy as the stuff on FreeBSD or Linux or whatever.
I like, use and support OpenBSD, but it's not a modern unix. And will never be, because the man power is missing.
SuSE 7.0 has a YaST2 module, that allows the not-so-experienced User to modify /etc/inetd.conf in an easy way, to shut inetd off (even YaST1 asks for this) or to use a default /etc/inetd.conf. In future more security modules will be added to YaST2.
The experienced-power-ueber User uses vi or sed to edit the config-files and make their box secure.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
-- ***** cogito cogito ergo cogito sum: i think that i think, therefore i think that i am. --Devils Dictionary --
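
The post-install step proposed in the message above, as an added example that is not part of the thread or of any SuSE tool: it comments out the named services in an inetd.conf-style file and produces the notice that would be mailed to root. The function names, the `UNWANTED` list and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed format: "service socket proto wait user program [args]",
# with '#' at the start of a line marking a disabled entry or a comment.

# Services the message names as pointless on a dial-up home box.
UNWANTED="ftp telnet imap pop3"

# Print the service name of every active (uncommented) entry in file $1.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Write a hardened copy of file $1 to stdout: active entries whose service is
# in list $2 are commented out, every other line is passed through unchanged.
inetd_harden() {
    awk -v list="$2" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in bad) { print "#" $0; next }
        { print }' "$1"
}

# Notice for root: one line per service that was active and is now disabled.
inetd_report() {
    for svc in $(inetd_enabled "$1"); do
        case " $2 " in *" $svc "*) echo "disabled inetd service: $svc" ;; esac
    done
}

# Constructed sample input (not a real SuSE default file).
sample_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
pop3    stream  tcp  nowait  root  /usr/sbin/tcpd  popper
time    stream  tcp  nowait  root  internal
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    inetd_harden "$tmp" "$UNWANTED"
    inetd_report "$tmp" "$UNWANTED"   # on a real box: pipe this to mail -s "..." root
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

An administrator re-enables a service by removing the leading `#` from its line and making inetd reread its configuration.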