From owner-freebsd-security Wed Aug 15 10:18:30 2001 Delivered-To: freebsd-security@freebsd.org Received: from prox.centtech.com (moat2.centtech.com [206.196.95.21]) by hub.freebsd.org (Postfix) with ESMTP id A5D8037B414 for ; Wed, 15 Aug 2001 10:18:11 -0700 (PDT) (envelope-from anderson@centtech.com) Received: (from smap@localhost) by prox.centtech.com (8.9.3+Sun/8.9.3) id JAA07040; Wed, 15 Aug 2001 09:34:23 -0500 (CDT) Received: from sprint.centtech.com(10.177.173.31) by prox via smap (V2.1+anti-relay+anti-spam) id xma007038; Wed, 15 Aug 01 09:33:53 -0500 Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id JAA11277; Wed, 15 Aug 2001 09:33:53 -0500 (CDT) Message-ID: <3B7A8851.3523EC9B@centtech.com> Date: Wed, 15 Aug 2001 09:33:53 -0500 From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en MIME-Version: 1.0 To: mixtim@mixtim.homeip.net Cc: security@freebsd.org Subject: Re: cvs commit: src/etc inetd.conf References: <20010815134852.B16184@zerogravity.kawo2.rwth-aachen.d> <59836.997879734@axl.seasidesoftware.co.za> <20010815100621.A5853@mixtim.homeip.net> <3B7A8424.CBFF1F30@centtech.com> <20010815102415.A5942@mixtim.homeip.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mixtim wrote: > > On Wed, Aug 15, 2001 at 09:16:04AM -0500, Eric Anderson wrote: > > Here's the thing. I thought that was a great idea - until I started > > installing (ick) RedHat 7.1 on a few machines here at the office. It > > has everything closed off, so remote access is not possible off the hat > > (ssh will work, but you have to add a local non-root user). > > I should have stated ssh as an exception. You almost always have to have > it running. Of course, logging in as root and executing the sshd command > only takes a few seconds. > > > Plus, anyone installing FreeBSD should have a good idea that they are > > installing an OS that has many servers running, some possibly easy to > > hack. > > If CodeRed taught us anything it is that there are more than enough > clueless admins on the net. Just because someone installed FreeBSD > doesn't mean they are that much more intelligent. If CodeRed taught us anything, it's to not use Microsoft OS's for production servers. Yes, there are a lot of clueless admins out there, but the reason MS has made such shotty software for servers (in my opinion) is because they continue to dumb it down, making it simpler and simpler to set up. This is exactly the reason that everyone and their dog thinks they can be a SysAdmin and do just fine. I guess it's kind of a survival of the fittest thing. > > > It isn't up to the programmers of the operating system to protect the > > users of it. > > Then why is there a security@freebsd.org address? Good point, but thats a little different. Warning those who care (subscribers of the list) about security advisories is MUCH different than making the OS mute because a percentage of the installers can't figure out (or don't know that they SHOULD figure out) how to turn off sendmail, telnet, etc. It just won't save the experienced users any time to have them disabled, and it won't stop the 'clueless' from being just that. -- ------------------------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792 Truth is more marvelous than mystery. ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message