From owner-freebsd-ports  Fri Sep 12 18:08:41 1997
Return-Path: <owner-freebsd-ports>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id SAA22948
          for ports-outgoing; Fri, 12 Sep 1997 18:08:41 -0700 (PDT)
Received: from super-g.inch.com (super-g.com [207.240.140.161])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA22926;
          Fri, 12 Sep 1997 18:08:27 -0700 (PDT)
Received: from localhost (spork@localhost)
	by super-g.inch.com (8.8.7/8.8.5) with SMTP id VAA12604;
	Fri, 12 Sep 1997 21:20:31 -0400 (EDT)
Date: Fri, 12 Sep 1997 21:20:31 -0400 (EDT)
From: spork <spork@super-g.com>
X-Sender: spork@super-g.inch.com
To: Andreas Klemm <andreas@klemm.gtn.com>
cc: Torsten Blum <torstenb@onizuka.tb.9715.org>, mark@grondar.za,
        ports@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: Major bogon in tcp_wrappers port.
In-Reply-To: <19970912172743.64756@klemm.gtn.com>
Message-ID: <Pine.BSF.3.96.970912211638.12209B-100000@super-g.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I'd just like to avoid the hassle of installing it on every machine...

I do think this could be made simple for the "dumb user" with a simple
question like "What hosts do you wish to allow to telnet to your machine?"
in sysinstall.

If incorporating it into the base is not acceptable, then I'll ask for a
knob in sysinstall here.  Installation time isn't the worst time to allow
a newbie to learn a bit about security...

Charles

On Fri, 12 Sep 1997, Andreas Klemm wrote:

> On Fri, Sep 12, 1997 at 10:58:42AM +0200, Torsten Blum wrote:
> > 
> > Everybody has different needs for security. There are more than enough
> > users who'll never need tcpwrapper because
> >  - they only have a small set of "services" running on these boxes
> >    (for example www server, dns, sendmail etc)
> >  - we have users who really don't care about security (sad but true).
> >    They never care to configure hosts.{allow,deny} or even check their
> >    logfiles
> >  - Machines without connections "external" connection
> > and many many more
> 
> ok, agreed.
> 
> > Andreas, have you _ever_ configured tcpd ? tcpd is not a standalone daemon.
> > To activate it, you have to modify inetd.conf. 
> 
> Yes I'm using it in the company for our secured FreeBSD internet
> gateway ...
> 
> > Don't get me wrong, I'm all for a "more" secure system, but you don't get
> > this out of the box. You _always_ have to configure something.
> 
> Ok, agreed. Peace man ;-)
> 
> -- 
> Andreas Klemm | klemm.gtn.com - powered by
>                     Symmetric MultiProcessor FreeBSD
>                        http://www.freebsd.org/~fsmp/SMP/SMP.html
>                           http://www.freebsd.org/~fsmp/SMP/benches.html
>