Date: Fri, 22 Sep 2000 08:54:34 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Neil Blakey-Milner <nbm@mithrandr.moria.org> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Brett Glass <brett@lariat.org>, Wes Peters <wes@softweyr.com>, security@FreeBSD.ORG Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?) Message-ID: <200009221555.e8MFtGK11604@cwsys.cwsent.com> In-Reply-To: Your message of "Fri, 22 Sep 2000 16:57:25 %2B0200." <20000922165725.A30364@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20000922165725.A30364@mithrandr.moria.org>, Neil Blakey-Milner writ es: > I don't think we want to make even more sysinstall hacks, as it is > exceedingly complicated and time-consuming (especially according to Mr. > Glass - hours of painstaking choices). > > I think inetd_enable="YES"/"NO" is mostly sufficient. Anything beyond > that is the realm of the administrator. Perhaps we can put your scripts > in /usr/share/examples/inetd/, along with example configurations, like > inetd.conf.rsh, inetd.conf.ftp, inetd.conf.full. Then have a > mostly-empty /etc/inetd.conf that isn't self-documenting, with ftp and > commented out telnet and (internal) auth. Thinking about it further, I don't think it really matters that much. Managing a heterogeneous environment, customisations have to be made anyhow -- at least on my part. (I must have been on drugs over the past week to create such a ruckus on -arch over this issue. I was definitely not thinking rationally.) Ideally a post-install process (my awk script could be part of it) might be the best way to go. If the process is generic enough it could be used anywhere. Having said that, before anyone asks for patches, this has been on my todo list for a while now. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009221555.e8MFtGK11604>