Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
On Wed, Apr 18, 2001 at 08:47:42PM -0700, John H. Robinson, IV wrote:
> not all services are tcpwrapped. as a matter of fact, exactly TWO types
> of services are tcpwrapped:
> * those spawned from inetd, that explicitly have tcpd in their
> invocation
> * those compiled with libwrap
>
> not all services suffer as such. so to say a system with ALL:ALL in
> hosts.deny (i hate that file. it should go away. replaced with
> echo ALL:ALL:DENY >> /etc/hosts.allow) disallows ALL networking is
> false. the suggestion to have localhost and localnet in hosts.allow, and
> all:all:deny in hosts.allow is a very good one.
>
> SECURE by default. open up by a positive action.
If we want things to be secure then let's make them secure. PARANOID is
half-assed security. Let's ask people to decide at installation what IP
ADDRESSES they want in those files. It's not that hard to do.
--Adam
--
Adam McKenna <adam@debian.org> <adam@flounder.net>
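
The two cases named in the quoted message (inetd entries that invoke tcpd, and binaries compiled with libwrap) can be checked on a host as follows. This is an added example, not part of the original thread; the function names and the sample inetd.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out which services hosts.allow/hosts.deny can affect.
# inetd.conf fields: service socket proto wait user server-program args...

# Classify each active inetd.conf entry in file $1:
#   wrapped   - server program is tcpd, so the hosts.* files are consulted
#   internal  - handled inside inetd itself, tcpd is not invoked
#   unwrapped - daemon is started directly, tcpd is not invoked
classify_inetd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and commented-out lines
        NF >= 6 {
            n = split($6, parts, "/")      # basename of the server program
            if (parts[n] == "tcpd")    print "wrapped " $1
            else if ($6 == "internal") print "internal " $1
            else                       print "unwrapped " $1
        }
    ' "$1"
}

# Return 0 if binary $1 is dynamically linked against libwrap.
# A statically linked libwrap will not show up here.
links_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap\.so'
}

# Write a constructed sample inetd.conf to path $1 (not from a real host).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp nowait root   /usr/sbin/tcpd   /usr/sbin/in.ftpd
telnet  stream tcp nowait root   /usr/sbin/tcpd   /usr/sbin/in.telnetd
daytime stream tcp nowait root   internal
ident   stream tcp wait   identd /usr/sbin/identd identd
#finger stream tcp nowait nobody /usr/sbin/tcpd   /usr/sbin/in.fingerd
EOF
}

# Demo on the constructed sample; on a real host pass /etc/inetd.conf instead.
tmp=$(mktemp) && write_sample "$tmp" && classify_inetd "$tmp"
rm -f "$tmp"
# For standalone daemons: links_libwrap /path/to/daemon && echo "uses libwrap"
```

Anything reported as unwrapped, and any standalone daemon for which links_libwrap fails, is not restricted by ALL:ALL in hosts.deny and needs its own access control or a packet filter.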