From owner-freebsd-security Wed Aug 15 6:23:34 2001 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id C39CF37B40B; Wed, 15 Aug 2001 06:23:31 -0700 (PDT) (envelope-from arr@watson.org) Received: from localhost (arr@localhost) by fledge.watson.org (8.11.4/8.11.4) with SMTP id f7FDMPI79928; Wed, 15 Aug 2001 09:22:25 -0400 (EDT) (envelope-from arr@watson.org) Date: Wed, 15 Aug 2001 09:22:24 -0400 (EDT) From: "Andrew R. Reiter" To: Sheldon Hearn Cc: Alexander Langer , Robert Watson , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf In-Reply-To: <59836.997879734@axl.seasidesoftware.co.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org : :> We can disable binding to port 25 and local mail delivery will still :> work. I also like disabling all other network services by default. :> One of OpenBSD's argument is, that you then know what services you've :> had enabled, and you then know, what to take care about. If you :> missed a SA about some service you haven't enabled either, who cares? : :The only problem here is that FreeBSD could be seen as a system that :does nothing out of the box. :-) : :This is not an unresolvable problem, it's just something that needs to :be considered. What about sysinstall options for this type of thing? We have a post-install Security configuration menu -- perhaps expanding this would be valuable? Andrew *-------------................................................. | Andrew R. Reiter | arr@fledge.watson.org | "It requires a very unusual mind | to undertake the analysis of the obvious" -- A.N. Whitehead To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message