Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 22 Sep 2000 08:54:34 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        Neil Blakey-Milner <nbm@mithrandr.moria.org>
Cc:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Brett Glass <brett@lariat.org>, Wes Peters <wes@softweyr.com>, security@FreeBSD.ORG
Subject:   Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats  so special about freeBSD?)
Message-ID:  <200009221555.e8MFtGK11604@cwsys.cwsent.com>
In-Reply-To: Your message of "Fri, 22 Sep 2000 16:57:25 %2B0200." <20000922165725.A30364@mithrandr.moria.org> 

next in thread | previous in thread | raw e-mail | index | archive | help
In message <20000922165725.A30364@mithrandr.moria.org>, Neil 
Blakey-Milner writ
es:
> I don't think we want to make even more sysinstall hacks, as it is
> exceedingly complicated and time-consuming (especially according to Mr.
> Glass - hours of painstaking choices).
> 
> I think inetd_enable="YES"/"NO" is mostly sufficient.  Anything beyond
> that is the realm of the administrator.  Perhaps we can put your scripts
> in /usr/share/examples/inetd/, along with example configurations, like
> inetd.conf.rsh, inetd.conf.ftp, inetd.conf.full.  Then have a
> mostly-empty /etc/inetd.conf that isn't self-documenting, with ftp and
> commented out telnet and (internal) auth.

Thinking about it further, I don't think it really matters that much.  
Managing a heterogeneous environment, customisations have to be made 
anyhow -- at least on my part.  (I must have been on drugs over the 
past week to create such a ruckus on -arch over this issue.  I was 
definitely not thinking rationally.)

Ideally a post-install process (my awk script could be part of it) 
might be the best way to go.  If the process is generic enough it could 
be used anywhere.  Having said that, before anyone asks for patches, 
this has been on my todo list for a while now.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009221555.e8MFtGK11604>