Re: daemon configuration
On Sun, Oct 03, 1999 at 02:59:38AM -0400, Rick wrote:
> I'm uncertain whether this is a good idea or not. I have helped many
> people install redhat linux and, frankly, the daemon enable screen
> confuses them. They don't know what all these things are or which ones
> they may need. If this gets implemented at least have an obvious "enable
> default daemons" button.
Agreed, this is a problem with Red Hat's implementation.
We should ask the user what kind of policy they want to have for network
services. We should inform them that there's a small risk that remote
users may compromise their machine if they enable network services,
but that in some situations the machine would be worthless without such
services. We should present a couple examples (http, remote login),
present the basic options (no network services on by default, most
network services on by default, choose on a service by service basis),
and we should give them a command to use after the install is complete
that lets them see what network services are in use and what package
is responsible for them, and a reference to how to find documentation
in the variety of formats a package could supply it in (man, info,
/usr/{,share}/doc, --help or -h, documentation embedded in configuration
files, or for the really desperate: documentation embedded in programs)
I'm not sure whether is such a reference about documentation.
I'm sure there's no such reference about associating packages with
network sockets. It would be possible to write such a thing, based on
lsof -F -i -n, but maybe it's better to teach everyone how to use lsof
(run lsof as root, teach about the +M option, egrep for '(UDP).*(LISTEN|\*)'),
use dpkg -S to find package associated with a program.
--
Raul
Reply to: