Re: services installed and running "out of the box"
For what its worth, and without wanting a distro-religious war about it,
Mandrake has a variety of security levels, which can be locally configured,
and which can allow exactly this sort of behavior;
At high security levels, any new services that get installed (from RPMs)
are only allowed from localhost or even, IIRC, services may not even
be started by default, neither post-install nor on reboot: you have to
set them up manually.
Might be worth a look to see how they did it to see if it can be easily
implemented on debian?
On Thu, 25 Sep 2003 10:04, Florian Weimer wrote:
> On Wed, Sep 24, 2003 at 01:42:01PM -0700, Adam Lydick wrote:
> > Is there any effort to reduce the number of services running on a
> > default debian install? For example: a typical workstation user doesn't
> > really need to have inetd enabled, nor portmap (unless they are running
> > fam or nfs -- which isn't enabled by default)
>
> I think it's more important that services only bind to localhost after
> installation (in the default configuration).
Reply to: