Date: Wed, 15 Aug 2001 20:40:51 +0100 From: Brian Somers <brian@Awfulhak.org> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: Gavin Grabias <gaving@enter.net>, security@FreeBSD.ORG, brian@freebsd-services.com Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <200108151940.f7FJepc73604@hak.lan.Awfulhak.org> In-Reply-To: Message from Robert Watson <rwatson@FreeBSD.ORG> of "Wed, 15 Aug 2001 15:32:57 EDT." <Pine.NEB.3.96L.1010815153204.81642Q-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>
> On Wed, 15 Aug 2001, Gavin Grabias wrote:
>
> > > Good point, but thats a little different. Warning those who care
> > > (subscribers of the list) about security advisories is MUCH different
> > > than making the OS mute because a percentage of the installers can't
> > > figure out (or don't know that they SHOULD figure out) how to turn off
> > > sendmail, telnet, etc. It just won't save the experienced users any
> > > time to have them disabled, and it won't stop the 'clueless' from being
> > > just that.
> >
> > Security is starting to sound like a bug instead of a feature for
> > FreeBSD. We are arguing about whether users can use a text editor to
> > edit their inetd.conf. The secure approach would be to disable all
> > services by default. If the user wants "features" make him/her read
> > about them and educate themselves. Then they can make the decision as
> > to whether they want the service enabled.
>
> This is what FreeBSD 4.4 does with the inetd network services. There's an
> on-going debate about how best to handle this WRT sendmail, as local mail
> delivery is required for some internal base system functionality (vi
> recovery files, cron'd events, etc).
I'm don't intend to advocate that sendmail be turned off, but it *is*
possible to add
daily_output=/var/log/daily.log
weekly_output=/var/log/weekly.log
monthly_output=/var/log/monthly.log
to /etc/periodic.conf to avoid the periodic mails....
> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org NAI Labs, Safeport Network Services
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108151940.f7FJepc73604>