Date: Wed, 13 Jul 2016 11:19:04 +0200 From: Steve Clement <steve@localhost.lu> To: Dan Lukes <dan@obluda.cz> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD - a lesson in poor defaults? Message-ID: <300EEE78-1BF1-460E-ABDD-8EA5C4809941@localhost.lu> In-Reply-To: <57860275.404@obluda.cz> References: <20160713073859.GA88448@localhost.lu> <57860275.404@obluda.cz>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] By default, IMHO, a system should resist a standard install on a public ip address without being owned within the hour. If you need hardening, you should always check and know your system. Especially if something says “secure by default”. Wonder how HardenedBSD is doing these days… https://wiki.freebsd.org/Hardening You do want to protect your basic users from themselves to a certain extent. The SSL mess is a mess, but libreSSL hasn’t been spared either. Nevertheless I am sure that the Core Security team is having regular discussions on some defaults. If we can assume that this About blob from the FreeBSD site is it’s mission statement: “””” https://www.freebsd.org/about.html What is FreeBSD? FreeBSD is an operating system for a variety of platforms which focuses on features, speed, and stability. It is derived from BSD, the version of UNIX® developed at the University of California, Berkeley. It is developed and maintained by a large community. “””” The rant is not that justified baring in mind the versatility of FreeBSD. Sincerely, Steve > On 13 Jul 2016, at 10:57, Dan Lukes <dan@obluda.cz> wrote: > > Particular system needs to be tuned according local environment, goal and requirements. Thus I don't care install-time defaults so much. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXhgeIAAoJEGmiD1Cb5K7pFMoQAJJJzwFroX/5Fzb9RlAynRFA TcGc9UEKd27lrLkriNNaBS/SSZHUKxR+krT3igEsOv9n03gEO2AwBcuOqLkRRulN QmvHwmdUB7FJi71Xu/KH56YaJhpUBgogz0HMwj3ADg9nhABeN2ePPD5BYgWU+2Mv BYJy52QQdHxJizfW/Ku4DT8/HdVgSLJJNq6Lof0NHX6sZRxIX9msGdXnCwU3z54x C2U1WTrilhz+F31wB8zxun8xvv4qjHIXzzO2I/ElISu2yyb0CU3ow7F6ztLobiMp VMhHFEhVLtEjq5tR92ZNc5JuFgnyR8d7W2oGfamKBX2uf+u4JpyOg+zLTGFpRtI3 uP/IA9uxd43Ko2VVV8k5/GDoRZX+UJ/SdtkBD86/0VZkPeLxa3V1Eh0dgcfJUYDY 6v0gEMmMSB52pD6i8fkiUQLC7558rSvggx3xug4g2Vg1REI3C5Ts1cMFoECrcidX rCmhbyIlrwAWEVvGA7VwSvBRifTLJ3Iumefy0cXP3Vam/YFI31gVXKx9O1FCRVBk kA52fs5OPYTz4FbE/44GAKqzdbYdeWBWJGLDkZo6JN8f43dWnFi0GawVVNOFjlWJ ldIGQ75Keg+lrMSfyDfGFs4qwqU4sbE6RPFQdwouQlGjtDxu1GerC7tjf4zOGyJw hBUSl1Kl3jPeLkDVYeAH =Y7j3 -----END PGP SIGNATURE-----help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?300EEE78-1BF1-460E-ABDD-8EA5C4809941>