Date: Wed, 13 Jul 2016 11:19:04 +0200 From: Steve Clement <steve@localhost.lu> To: Dan Lukes <dan@obluda.cz> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD - a lesson in poor defaults? Message-ID: <300EEE78-1BF1-460E-ABDD-8EA5C4809941@localhost.lu> In-Reply-To: <57860275.404@obluda.cz> References: <20160713073859.GA88448@localhost.lu> <57860275.404@obluda.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_C5B74AD3-1884-4A58-87BB-68D928867F70 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 By default, IMHO, a system should resist a standard install on a public = ip address without being owned within the hour. If you need hardening, you should always check and know your system. Especially if something says =E2=80=9Csecure by default=E2=80=9D. Wonder how HardenedBSD is doing these days=E2=80=A6 = https://wiki.freebsd.org/Hardening You do want to protect your basic users from themselves to a certain = extent. The SSL mess is a mess, but libreSSL hasn=E2=80=99t been spared either. Nevertheless I am sure that the Core Security team is having regular = discussions on some defaults. If we can assume that this About blob from the FreeBSD site is it=E2=80=99= s mission statement: =E2=80=9C=E2=80=9D=E2=80=9D=E2=80=9D https://www.freebsd.org/about.html What is FreeBSD? FreeBSD is an operating system for a variety of platforms which focuses = on features, speed, and stability. It is derived from BSD, the version = of UNIX=C2=AE developed at the University of California, Berkeley. It is = developed and maintained by a large community. =E2=80=9C=E2=80=9D=E2=80=9D=E2=80=9D The rant is not that justified baring in mind the versatility of = FreeBSD. Sincerely, Steve > On 13 Jul 2016, at 10:57, Dan Lukes <dan@obluda.cz> wrote: >=20 > Particular system needs to be tuned according local environment, goal = and requirements. Thus I don't care install-time defaults so much. --Apple-Mail=_C5B74AD3-1884-4A58-87BB-68D928867F70 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXhgeIAAoJEGmiD1Cb5K7pFMoQAJJJzwFroX/5Fzb9RlAynRFA TcGc9UEKd27lrLkriNNaBS/SSZHUKxR+krT3igEsOv9n03gEO2AwBcuOqLkRRulN QmvHwmdUB7FJi71Xu/KH56YaJhpUBgogz0HMwj3ADg9nhABeN2ePPD5BYgWU+2Mv BYJy52QQdHxJizfW/Ku4DT8/HdVgSLJJNq6Lof0NHX6sZRxIX9msGdXnCwU3z54x C2U1WTrilhz+F31wB8zxun8xvv4qjHIXzzO2I/ElISu2yyb0CU3ow7F6ztLobiMp VMhHFEhVLtEjq5tR92ZNc5JuFgnyR8d7W2oGfamKBX2uf+u4JpyOg+zLTGFpRtI3 uP/IA9uxd43Ko2VVV8k5/GDoRZX+UJ/SdtkBD86/0VZkPeLxa3V1Eh0dgcfJUYDY 6v0gEMmMSB52pD6i8fkiUQLC7558rSvggx3xug4g2Vg1REI3C5Ts1cMFoECrcidX rCmhbyIlrwAWEVvGA7VwSvBRifTLJ3Iumefy0cXP3Vam/YFI31gVXKx9O1FCRVBk kA52fs5OPYTz4FbE/44GAKqzdbYdeWBWJGLDkZo6JN8f43dWnFi0GawVVNOFjlWJ ldIGQ75Keg+lrMSfyDfGFs4qwqU4sbE6RPFQdwouQlGjtDxu1GerC7tjf4zOGyJw hBUSl1Kl3jPeLkDVYeAH =Y7j3 -----END PGP SIGNATURE----- --Apple-Mail=_C5B74AD3-1884-4A58-87BB-68D928867F70--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?300EEE78-1BF1-460E-ABDD-8EA5C4809941>