Re: assimilating OpenBSD
On Tue, Feb 06, 2001 at 04:12:35PM -0600, Nathan E Norman wrote:
> On Tue, Feb 06, 2001 at 11:06:50PM +0100, Andreas Schuldei wrote:
> > * Hamish Moffatt (hamish@debian.org) [010206 23:02]:
> > > Is it still Debian if you replace the user space tools?
> > > Maybe so, but it's not something I would ever use.
> >
> > Wait until you build a firewall...
>
> So it's your contention that debian is not suited for building
> firewalls? Care to back up this assertion with facts, or are you
> basing it on suppositions?
I've made this point before, but debian comes installed with 3 very
unneeded services installed by default:
1) portmap
2) mountd
3) lpd
These are well known security holes on any unix machine. If you want
debian secure 'out of the box' then this stuff has to go. I think rpc.statd
is running as well. The whole RPC/NFS suite needs to go for default
installs.
>
> I will agree with you if you say "the debian (and in fact GNU/Linux)
> core has not been audited to the same degree that OpenBSD has". I
> would suggest, though, that the "right" solution is to form an audit
> team to perform this audit ... that makes all of debian better and
> improves GNU/Linux as well.
>
I'd like to see a group of people stand up, but I would honestly
have a hard time believing that a security audit team that's as skilled as
the OpenBSD guys would be able to form and stay on task.
Plus, there are TONS of GNU software tools, even more if you include
GPL'd tools in debian. OpenBSD wins its claims by keeping the distribution
light from default install... which is why it's best geared towards a
firewall.
--
Erik Hollensbe <erik@powells.com>
Programmer, Powells Internet Division
"You can't depend on your eyes when your imagination is out of focus."
- Mark Twain