On Sat, Jul 21, 2001 at 02:00:48PM -0700, Jacob Meuser wrote: > On Sat, Jul 21, 2001 at 12:09:07AM -0800, Ethan Benson wrote: > > On Fri, Jul 20, 2001 at 07:52:26PM -0700, Tim Uckun wrote: > > > You really can not blame people for not hiring > > > "expensive unix sysadmins" and letting some semi competent windows user run > > > the NT network. > > > > oh? and whyever not? its this blatent irreponsibilty that we have > > such a mess security wise on the internet today. > > > Blatant irresponsibility, hmmm ... > > Perhaps Debian should follow the example of OpenBSD, and not start > possibly dangerous services by default. It's really easy to install > Debian and have all kinds of services running immediately. I doubt > everyone who is running servers on Debain (by choosing to do so during > the 'oh so easy' installation) really knows what they're doing. if you install a service its expected you want to run it, so if you don't need it don't install it. that said nfs-common, nfs-kernel-server, portmap, telnetd, fingerd, pidentd are all priority standard (in potato woody downgraded telnetd, and fingerd). this means they will be installed by default unless you skip tasksel/dselect, or explicitly set them to a deinstall state. nfs-kernel-server won't start unless there is an export in /etc/exports though, if that file is empty or all comments the initscript will simply exit without doing anything. im not sure why, or if its feasible for nfs-common to do something similar... telnetd and fingerd are good to see gone. it would be nice if nfs-common's initscript could tell whether it needs to run or not, like the nfs-server one does.. portmap is of course fine since its totally secure (see list archives). last i used OpenBSD (2.6) it started portmap and identd by default at the very least, maybe fingerd too i don't remember for sure. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp6XHefN1O1s.pgp
Description: PGP signature