Date: Wed, 24 Nov 1999 17:51:47 -0700
From: Wes Peters <wes@softweyr.com>
To: Warner Losh <imp@village.org>
Cc: Peter Wemm <peter@netplex.com.au>, Poul-Henning Kamp <phk@critter.freebsd.dk>, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
Message-ID: <383C8823.8438567B@softweyr.com>
References: <19991124090523.9689C1C6D@overcee.netplex.com.au> <199911241612.JAA20799@harmony.village.org>

Warner Losh wrote:
>
> In message <19991124090523.9689C1C6D@overcee.netplex.com.au> Peter Wemm writes:
> :
> : In a dedicated server role, again it might be appropriate to default
> : it to "open" (dedicated server being something like a squid box),
> : again there will be a couple of sysadmin type users or people who
> : have to monitor things. Hiding information gains nothing there
> : either.
>
> I disagree with this, but that is because I've rarely seen a totally
> dedicated server. A simple fileserver that does nothing else would
> want to be open in this respect since few people have accounts.
>
> : In other roles, including something like a shell server box with presumably
> : hostile users (you reasonably have to assume this), you want everything you
> : possibly can to be locked down.
>
> Firewall, dialup boxes, dns servers, etc are good candidates to be
> locked down.

Firewall, web, dns, news, etc. servers are good candidates to be open
because there should not be any "normal" user accounts on them, only
administration accounts. And darned few of those. I think this is
what Peter was getting at.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                        Softweyr LLC
wes@softweyr.com                                  http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message