From: Alfred Perlstein
To: Matt Dillon
Cc: Poul-Henning Kamp, Marius Bendiksen, arch@FreeBSD.ORG
Date: Wed, 11 Oct 2000 15:42:03 -0700
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <20001011154203.S272@fw.wintelcom.net>
In-Reply-To: <200010112202.e9BM2ns23441@earth.backplane.com>; from dillon@earth.backplane.com on Wed, Oct 11, 2000 at 03:02:49PM -0700

*gets out rusty garden shears*

[snip snip snip]

how about a nice big dialog box that asks the user to configure the
relative secureness of the box with an explanation text:

simple:
  The only external services configured will be telnet, ftp and sshd,
  if you need to log in as root be sure to add a user and make sure
  he is in the 'wheel' group. You should also understand that in
  today's environments what looks like your local lan can actually be
  part of a much larger switched topology and using insecure and
  unencrypted services such as telnet and ftp is ill-advised.

hardened:
  The only external service enabled is sshd, and you will NOT be able
  to log in as root, be sure to create a user and add him to the
  'wheel' group. If you do not understand this, then you may want
  simple.

1990:
  All services on, all filesystems exported, '+ +' in /etc/rhosts, etc.
  (sunos 4.1.4 emulation enabled)

(Of course I'm kidding about the last option, and you probably want
to run this through a spell checker a couple of times).

Someone actually making the patches to give users these choices would
be a lot more productive than going at each other's throats.

So how about we drop the discussion until someone makes such patches
available?

thanks,
-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."