At 08:30 AM 8/22/2000 +0200, Thomas Biege wrote:
Hi,
PLEASE PLEASE make a few simple changes to the defaults to help make SuSE the most secure Mainstream linux distro out there in.
I think a solid middle ground would be to ship something like bastille-linux (getting quite advanced especially with support from Mandrake), and really
If people use the tools we deliver with SuSE + their brains (note: we don't ship brains with SuSE), then they could get a very secure system within a short time of work.
*grin* Yes, I totally agree with you, which is why I love SuSE so much. I guess I just would like it to be just a "little bit" more secure out of the box. Most newbies wouldn't know whether or not they have "finger" running for instance and anyone who's ever used any unix system for longer than a few hours should know how to re-enable it in inetd...
strongly urge users to run it. If you want secure by default use OpenBSD, personally I find a lot of issues with OpenBSD (no POP/IMAP server, they have had several remote root holes in dhcpd client and ftp, but they claim these are not "default"...).
Hrhr... 'secure by default' nice buzzwords. AFAIK /usr/bin isn't audited and neither all the ports are. It's 99% secure as long as you just use the default install but then it's not a very productive system; third party software is as buggy as the stuff on FreeBSD or Linux or whatever.
Agreed...
I like, use and support OpenBSD, but it's not a modern unix. And will never be, because the man power is missing.
One of the main reasons man power is missing from the OBSD team is that they are all so "high and mighty"
SuSE 7.0 hast a YaST2 module, that allows the not-so-experienced User to modify /etc/inetd.conf in a easy way, to shut inetd off (even YaST1 ask for this) or to use a default /etc/inetd.conf. In future more security modules will be added to YaST2.
Excellent, Unfortunately I am still waiting for the first shipment of SuSE 7.0 to get to Australia. (I have already paid www.everythinglinux.com.au now I wait......)
The experienced-power-ueber User uses vi or sed to edit the config-files and make their box secure.
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
Please keep up the good work, and I wait impatiently for SuSE 7 to make it "down under" Peter Nixon Senior Security Consultant IT Audit & Consulting (ITAC) Pty Ltd http://www.itaudit.com.au mailto:petern@itaudit.com.au