Bug#81118: base: Wishlist: High security base system (or separate add-on package)
On 01-01-04 Ethan Benson wrote:
> On Wed, Jan 03, 2001 at 07:50:58PM +0100, Christian Kurz wrote:
> > > apt-get remove telnetd
> > Well, why do we have telnet enabled after installation? This is a bit
> > security hole and I think this service should be disabled and only be
> > enabled by the admin.
> because telnetd is priority standard, and with dselect (and tasksel in
> woody i think) all priority standard packages are installed by
> default. (well selected by default in your first dselect session, so
> if you do nothing more then run the select step in dselect and then
> install you get priority: standard).
> $ apt-cache show telnetd
> Package: telnetd
> Priority: standard
> Section: net
Hm, what about changing the postinst of telnetd so, that I ask the admin
who installs debian or the package, if he really wants to activate
telnetd or not?
> nfsd and nfs-common are also standard, but nfs-kernel-server's
> initscript won't start the daemons if /etc/exports contains no
So that means that this security risk is not by default opened.
> exports. nfs-common and portmap are started by default though. (and
> statd had a nice root hole recently)
And I think we don't need a running portmap as default for all installed
system. I think we should also modify this postinst-script to ask the
user if he really needs a running portmap or not and have it per default
turn portmap off.
> > Hm, there are services in /etc/inetd.conf that are not belonging to any
> > package like daytime, echo and this should be disabled by default.
> agreed these should be off by default. what are these used for that
> makes it necessary for the majority of systems to have them enabled?
I don't know any software that relies on this internal services of
inetd. I think they should be turned off by default, so that if someone
still needs one of this services has to explicitly turn them on.
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853