Re: red worm amusement
On Sun, 22 Jul 2001, Steven Barker wrote:
>
> On Sat, Jul 21, 2001 at 08:51:23PM -0700, Jacob Meuser wrote:
>
> <snip>
>
> > No, I'm simply saying not to start services immediately.
>
> <snip>
>
> Well, I'm going to wade into this growing flamewar to point out what I think
> is a sound idea. The trouble with the current system is that installed
> daemons automatically start running with a default configuration. This is
> not always bad, but does not allow a paranoid sysadmin to protect themselves
> (short of ugly workarounds like taking down the network interface until the
> server is shut off).
>
> I think that there should be a way to install Debian server packages
> without having the installation scripts start the server. This need not be
> default, but it should be possible.
>
I think this is a great idea. Also, if dpkg / apt showed what servers were
being set up to run after the initial install, it could be saved to a file.
This would also assist if there was a break-in and a new server was running:
you could check against your original list.

> I'm sure there are many ways this could work. Perhaps:
>
> root@foobar:/etc# apt-get install --no-run apache
>
> would download, install and configure apache, but not run it. When the
> sysadmin was satisfied with the configuration files, etc., then update-rc.d
> and such could be run by hand (or by another call to apt-get/dpkg with
> another flag).

One option here would be a simple [y/n] question whether or not to run the
new service automatically as part of the package install.
--snip--
Colin.
--
Colin Johnson cjohnson@candjsolutions.com
Remember: Everything you see on screen is but ones and zeroes.
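
Added example, not part of the original thread: the install-without-starting behaviour asked for above can be written as a policy for Debian's `/usr/sbin/policy-rc.d` hook, which `invoke-rc.d` consults before a maintainer script acts on a service (exit 0 allows, 101 forbids). The function name `policy_decide` and the allow-list path `/etc/policy-rc.d.allow` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decision logic for /usr/sbin/policy-rc.d.
# invoke-rc.d calls the hook as:  policy-rc.d [options] <initscript id> <actions> [<runlevel>]
# Exit status: 0 = action allowed, 101 = forbidden by policy, 103 = syntax error.

# Assumed path: one reviewed init script name per line; other lines are ignored.
ALLOW_FILE="${ALLOW_FILE:-/etc/policy-rc.d.allow}"

policy_decide() {
    # Skip options such as --quiet; --list is only a query, so allow it.
    while [ $# -gt 0 ]; do
        case "$1" in
            --list) return 0 ;;
            --*)    shift ;;
            *)      break ;;
        esac
    done
    [ $# -ge 2 ] || return 103          # need <initscript id> and <actions>
    id="$1"
    actions="$2"

    # Services whose configuration the admin has reviewed may start normally.
    if [ -r "$ALLOW_FILE" ] && grep -qxF -- "$id" "$ALLOW_FILE"; then
        return 0
    fi

    # Refuse anything that would bring an unreviewed daemon up.
    # stop and status stay allowed so packages can still be removed cleanly.
    for action in $actions; do
        case "$action" in
            start|restart) return 101 ;;
        esac
    done
    return 0
}

# To use it as the hook itself, save this file as /usr/sbin/policy-rc.d,
# make it executable, and end it with:  policy_decide "$@"
```

With the hook in place a package still installs and configures, but its daemon is not launched until the admin adds its init script name to the allow file and starts it by hand.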