Re: daemon configuration
On Sun, Oct 03, 1999 at 10:32:46AM -0400, Raul Miller wrote:
> On Sun, Oct 03, 1999 at 02:59:38AM -0400, Rick wrote:
> > I'm uncertain whether this is a good idea or not. I have helped many
> > people install redhat linux and, frankly, the daemon enable screen
> > confuses them. They don't know what all these things are or which ones
> > they may need. If this gets implemented at least have an obvious "enable
> > default daemons" button.
>
> Agreed, this is a problem with Red Hat's implementation.
>
> We should ask the user what kind of policy they want to have for network
> services. We should inform them that there's a small risk that remote
> users may compromise their machine if they enable network services,
> but that in some situations the machine would be worthless without such
> services. We should present a couple examples (http, remote login),
> present the basic options (no network services on by default, most
> network services on by default, choose on a service by service basis),
> and we should give them a command to use after the install is complete
> that lets them see what network services are in use and what package
> is responsible for them, and a reference to how to find documentation
> in the variety of formats a package could supply it in (man, info,
> /usr/{,share}/doc, --help or -h, documentation embedded in configuration
> files, or for the really desperate: documentation embedded in programs)
>
> I'm not sure whether is such a reference about documentation.
>
> I'm sure there's no such reference about associating packages with
> network sockets. It would be possible to write such a thing, based on
> lsof -F -i -n, but maybe it's better to teach everyone how to use lsof
> (run lsof as root, teach about the +M option, egrep for '(UDP).*(LISTEN|\*)'),
> use dpkg -S to find package associated with a program.
I **really** like the idea of a policy manager program. I see one
problem, in that portions of policy management would include pam in
addition to resource management, etc.
Hmmm...I think I will have to propose that to my developers here at
TurboLinux. Yup. Already had a bunch of positive responses.
Regarding TurboLinux and RedHat people being here on this list; We are
not competitors. We compete with WinNT and Solaris and SCO. You are some
of the great people that make this linux dream a reality. :-)
Ciao!
--
Have you heard that the next Space Shuttle is supposed to carry several Guernsey cows?
It's gonna be the herd shot 'round the world.
The Doctor What: Not that 'who' guy http://docwhat.gerf.org/
docwhat@gerf.org (finger docwhat@gerf.org for PGP key)
KF6VNC
Reply to: