
Re: services installed and running "out of the box"



On Wed, Sep 24, 2003 at 01:59:16PM -0500, Ryan Underwood wrote:
> > Is there any effort to reduce the number of services running on a
> > default debian install? For example: a typical workstation user doesn't
> > really need to have inetd enabled, nor portmap (unless they are running
> > fam or nfs -- which isn't enabled by default)
> 
> What about a package like the harden-* package, but one that conflicts
> with packages that are pointless for a client/desktop system?

Unless such a package is part of the standard installation, it's really
of no use.  The original poster specifically mentioned the "default
debian install".

Personally, I think we really do need to reduce the number of open ports
by default.  Even Redhat has learned to do this, and Microsoft is
quickly learning (the hard way, of course).  It's quickly becoming best
practice for operating system vendors.

For starters, I think portmap, rpc.statd, and inetd should not run by
default.  Not running a mail server (or perhaps only running one on the
loopback interface) would be nice, too.

Users that need these services know it.  Users that don't shouldn't be
bothered by them, whether that be to turn them off or to get compromised
due to some newly discovered vulnerability.

noah
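
As an added example that is not part of the original message: a Python check that reads a socket listing in the column layout of `ss -H -tulnp` and reports every listener not bound to loopback, tagging the daemons the message names and a mail server on port 25. The sample listing, process names and PIDs are constructed, and using `ss` rather than the netstat of the period is an assumption of the example.

```python
import ipaddress
import re

# Daemons the message proposes not running by default.
NAMED = {"portmap", "rpc.statd", "inetd"}

# Constructed sample in the column layout of `ss -H -tulnp` (not real output).
SAMPLE = """\
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("portmap",pid=412,fd=3))
tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("portmap",pid=412,fd=4))
tcp LISTEN 0 128 0.0.0.0:32768 0.0.0.0:* users:(("rpc.statd",pid=430,fd=6))
tcp LISTEN 0 128 0.0.0.0:13 0.0.0.0:* users:(("inetd",pid=455,fd=5))
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("exim4",pid=501,fd=3))
tcp LISTEN 0 100 [::]:25 [::]:* users:(("exim4",pid=501,fd=4))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=520,fd=7))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=540,fd=3))
"""

def is_loopback(addr):
    """True if the bind address is reachable only from the local host."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    if addr == "*":                        # wildcard: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback

def exposed_listeners(ss_output):
    """Return (proto, addr, port, process, reason) for non-loopback sockets."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:                # not a socket row
            continue
        proto, local = fields[0], fields[4]
        addr, port = local.rsplit(":", 1)
        if is_loopback(addr):
            continue
        m = re.search(r'\(\("([^"]+)"', line)  # first process name, if shown
        proc = m.group(1) if m else "?"
        if proc in NAMED:
            reason = "named in the message"
        elif port == "25":
            reason = "mail server not limited to loopback"
        else:
            reason = "review"
        findings.append((proto, addr, int(port), proc, reason))
    return findings

if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLE):
        print(*finding)
```

On a live host, pass the captured output of `ss -H -tulnp` (run as root so the process column is populated) in place of `SAMPLE`.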
