From owner-freebsd-arch Wed Aug 1 8:29:44 2001 Delivered-To: freebsd-arch@freebsd.org Received: from bdr-xcon.matchlogic.com (mail.matchlogic.com [205.216.147.127]) by hub.freebsd.org (Postfix) with ESMTP id 2539C37B405; Wed, 1 Aug 2001 08:29:38 -0700 (PDT) (envelope-from crandall@matchlogic.com) Received: by mail.matchlogic.com with Internet Mail Service (5.5.2653.19) id ; Wed, 1 Aug 2001 09:29:29 -0600 Message-ID: <5FE9B713CCCDD311A03400508B8B30130828F210@bdr-xcln.corp.matchlogic.com> From: Charles Randall To: 'Cy Schubert - ITSD Open Systems Group' , Robert Watson Cc: arch@FreeBSD.ORG, stable@FreeBSD.ORG Subject: RE: Patch to modify default inetd.conf, have sysinstall prompt t o edit , inetd.conf Date: Wed, 1 Aug 2001 09:27:25 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG FYI, Starting with RedHat 7.1, they now install a firewall and prompt the user for high/medium/low/none security policies. -Charles -----Original Message----- From: Cy Schubert - ITSD Open Systems Group [mailto:Cy.Schubert@uumail.gov.bc.ca] Sent: Wednesday, August 01, 2001 8:02 AM To: Robert Watson Cc: arch@FreeBSD.ORG; stable@FreeBSD.ORG Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf In message , Robe rt Watson writes: > One of the observations that has been made fairly frequently to me is that > the current default inetd.conf puts many FreeBSD users at risk > unnecessarily, as many of them have moved to using SSH for remote access > needs. In particular in light of the recent ftpd and telnetd security > bugs, it seems like 4.4-RELEASE would be a good time to move to a more > conservative default of having both of these services disabled in the base > install, as both NetBSD and OpenBSD have moved to doing. I think that this is goodness. I have been an advocate of this (actually a less balanced approach -- of which I've seen the light and error of my thinking) for a long time. For that matter one of my biggest pet peeves about RH Linux is that by default it installs everything and enables everything. I think that the approach taken here is a balanced approach and is the correct approach. Services are not removed from the system entirely and can be enabled if needed. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message