[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: assimilating OpenBSD



On Tue, Feb 06, 2001 at 03:59:28PM -0800, Erik Hollensbe wrote:
> On Tue, Feb 06, 2001 at 04:12:35PM -0600, Nathan E Norman wrote:
> > On Tue, Feb 06, 2001 at 11:06:50PM +0100, Andreas Schuldei wrote:
> > > * Hamish Moffatt (hamish@debian.org) [010206 23:02]:
> > > > Is it still Debian if you replace the user space tools?
> > > > Maybe so, but it's not something I would ever use.
> > > 
> > > Wait untill you build a firewall...
> > 
> > So it's your contention that debian is not suited for building
> > firewalls?  Care to back up this assertion with facts, or are you
> > basing it on suppositions?
> 
> 	I've made this point before, but debian comes installed with 3 very 
> unneeded services installed by default:
> 
> 	1) portmap
> 	2) mountd
> 	3) lpd
> 
> 	These are well known security holes on any unix machine. If you want
> debian secure 'out of hte box' then this stuff has to go. I think rpc.statd 
> is running as well. The whole RPC/NFS suite needs to go for default 
> installs. 

You just changed the parameters of the argument.  I agree debian is
not secure enough out of the box, but the original comment implied
that debian was not sufficient for a firewall.  Anyone who builds a
firewall "out of the box" is probably asking for trouble.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Inc.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   |   -- Patton

Attachment: pgphF4FeQPBF2.pgp
Description: PGP signature


Reply to: