[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: jessie release goals

On Mon, May 06, 2013 at 04:08:07PM +0200, Christoph Anton Mitterer wrote:
> 1) IMHO, services/daemons (e.g. apache, ejabberd, etc.) that listen per
> default on the network (unless loopback only) shouldn't be started per
> default, after being installed.
> The usually come only with a default config which may not be hardened
> enough for the local system, and that short time may already be enough
> for an attacker to attack.
> Or default config may be simply pointless for the environment, and
> starting the service per default is just annoying.
> It shouldn't be to hard for an admin to configure the appropriate
> runlevels when he thinks he's finished with configuration.
> One could handle this different for local only services/daemons. E.g.
> when I install haveged, I usually want it... and there shouldn't be a
> security impact when it immediately runs after being installed.
There is also a related thing that was discussed in the past: stop
disabling services via /etc/default.


Attachment: signature.asc
Description: Digital signature

Reply to: