From owner-freebsd-security Tue Nov 23 15:14:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ind.alcatel.com (postal.xylan.com [208.8.0.248])
    by hub.freebsd.org (Postfix) with ESMTP id C203E14A17
    for ; Tue, 23 Nov 1999 15:14:34 -0800 (PST)
    (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com (mailhub [198.206.181.70])
    by ind.alcatel.com (8.9.3+Sun/8.9.1 (ind.alcatel.com 3.0 [OUT]))
    with SMTP id PAA23803; Tue, 23 Nov 1999 15:13:20 -0800 (PST)
X-Origination-Site:
Received: from omni.xylan.com by mailhub.xylan.com
    (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
    id PAA06043; Tue, 23 Nov 1999 15:13:20 -0800
Received: from softweyr.com (dyn0.utah.xylan.com) by omni.xylan.com
    (4.1/SMI-4.1 (xylan engr [SPOOL]))
    id AA26281; Tue, 23 Nov 99 15:13:16 PST
Message-Id: <383B1F8C.60DC2726@softweyr.com>
Date: Tue, 23 Nov 1999 16:13:16 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: Brian Handy
Cc: James Gill , security@FreeBSD.ORG
Subject: Re: Disabling FTP
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brian Handy wrote:
>
> >> tell that to -advocacy.
> >
> >If they can't install it, they won't ever stay with it.  The solution to
> >this is to create install profiles, including a "clueless newbie" install
> >that turns on everything but warns them this can be dangerous.  A little
> >doco that explains WHY it's dangerous wouldn't hurt.
>
> Seems to me the solution is even simpler than that -- there's a question
> in the "NOVICE" install that asks if you want to
> turn on anonymous ftp.  Why not just extend that a bit to ask if you want
> ftpd turned on at all, and put the appropriate hook in rc.conf like we do
> with so many other things?

There may be as many as 20 little knobs to turn on and off; this is NOT
going to SIMPLIFY the install.  At a glance, ftp, telnet, shell, login,
finger, ntalk, ident, and smtp are all ones to put in the Q&A, and that's
just glancing through /etc/inetd.conf quickly.  A newbie isn't going to
know what to do about any of them.

So, you give them a button that says "I'm a newbie, let me install an OPEN
system" and then point them at a document that tells them what the
differences between the "Newbie OPEN" install and the "Expert Closed"
install are, and why they differ.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
wes@softweyr.com
http://softweyr.com/