
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, Apr 18, 2001 at 04:43:15PM -0700, Nathan Dabney wrote:
> It doesn't have to be a big security win.  It's still a win.  It provides the 
> additional security as opposed to shipping with the distro's pants down.

It's not a win.  It provides _nothing_ except confusion for newbie sysadmins.
If we're going to have a default, it might as well be something useful.

> It's not too aggressive.  Would you prefer we ship with ssh allowing root
> logins and a default of no password for root so users can use it without
> having to understand what they are doing?

There are many other, better ways to increase security than enabling paranoid
host checks by default.  And most of them are just as easy.

BTW, implying that getting rid of these useless paranoid checks is tantamount
to leaving a box open with no root password is just ridiculous.


Adam McKenna  <adam@debian.org>  <adam@flounder.net>
