From owner-cvs-all Fri Jul 28 15:52:28 2000 Delivered-To: cvs-all@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 528E937B694; Fri, 28 Jul 2000 15:52:20 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA43632; Fri, 28 Jul 2000 16:52:17 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id QAA60523; Fri, 28 Jul 2000 16:52:13 -0600 (MDT) Message-Id: <200007282252.QAA60523@harmony.village.org> To: Eivind Eklund Subject: Re: cvs commit: src/etc/defaults rc.conf src/release/sysinstall config.c Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org In-reply-to: Your message of "Fri, 28 Jul 2000 15:45:37 PDT." <200007282245.PAA59993@freefall.freebsd.org> References: <200007282245.PAA59993@freefall.freebsd.org> Date: Fri, 28 Jul 2000 16:52:13 -0600 From: Warner Losh Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200007282245.PAA59993@freefall.freebsd.org> Eivind Eklund writes: : Change the defaults for portmap, sendmail and inetd to be not running them. : Make sysinstall override this on install, so the effective behavioural : change for a newly installed system is null. Overall, this makes a system : with an empty /etc/rc.conf not run any network services, and makes the : FreeBSD-provided network services that are running visible in /etc/rc.conf : (instead of making people look through /etc/defaults/rc.conf to find the : things they need to disable to secure the system.) Before people freak out. This has no effect on system security or usability if you use sysinstall. It just makes it easier for people to change things to be secure if they want. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message