[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, Apr 18, 2001 at 04:57:50PM -0700, Nathan Dabney wrote:
> On Wed, Apr 18, 2001 at 04:48:41PM -0700, Adam McKenna wrote:
> > On Wed, Apr 18, 2001 at 04:43:15PM -0700, Nathan Dabney wrote:
> > > It doesn't have to be a big security win.  It's still a win.  It provides the 
> > > additional security as opposed to shipping with the distro's pants down.
> > 
> > It's not a win.  It provides _nothing_ except confusion for newbie sysadmins.
> > If we're going to have a default, it might as well be something useful.
> I disagree, it's a small win.  The reasons for which have already been covered
> in this thread.  Just because the things it helps provide are not important to 
> you doesn't mean nobody would like them.
> > > It's not too aggressive.  Would you prefer we ship with ssh allowing root logins and a default of no password for root so users can us without having to 
> > > understand what they are doing?
> > 
> > There are many other, better ways to increase security than enabling paranoid
> > host checks by default.  And most of them are just as easy.
> Other yes, should we ignore this one, now.
> I would prefer ALL: ALL in hosts.deny as a default.

I think this violates the possible "Debian default:worlwide acces" that I have previously mentioned.
> -Nathan
Pedro Larroy Tovar. PiotR | http://omega.resa.es/piotr/

Reply to: