Re: services installed and running "out of the box"

To: debian-security@lists.debian.org
Subject: Re: services installed and running "out of the box"
From: Phillip Hofmeister <plhofmei@zionlth.org>
Date: Mon, 29 Sep 2003 00:06:43 -0400
Message-id: <[🔎] 20030929040643.GD29473@zionlth.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20030926165254.GJ10225@vnl.com>
References: <[🔎] 1064436121.641.26.camel@elessar> <[🔎] 20030924185916.GB20078@dbz.icequake.net> <[🔎] 20030924195927.GN1904@morgul.net> <[🔎] 20030924205405.GR21997@vnl.com> <[🔎] 20030926045135.GF25608@alcor.net> <[🔎] 20030926145227.A23425@tyne.open.ac.uk> <[🔎] 20030926144421.GM5050@alcor.net> <[🔎] 20030926165254.GJ10225@vnl.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 26 Sep 2003 at 12:53:26PM -0400, Dale Amon wrote:
> Precisely. One cannot just install the packages and services
> one wants. One must step outside the package system to fix 
> the problem, and continue to do so thereafter in the future.
> 
> A major port service should not be installed on a system
> unless I specifically request its presence. There are too
> many packages which require things which they do not
> actually require.

I would consider implementing an iptables firewall (whether it be
shorewall or home brewed (if you know what you are doing)) to be a bare
minimum for best-practices.

Unfortunately (unlike RedHat and Mandrake) Debian offers no firewall as
part of the default installation.

My advise, have a good generic firewall shell script and use it and
place it in /etc/rc(S|2).d/ of every system you install.

- -- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #139: NOTICE: alloc: /dev/null: filesystem full 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/d6/ES3Jybf3L5MQRAiQjAKCOBUy4i8G1PokOCJJrX2loOnFzOwCeMmhX
zPqbaxHBcGYZTyhGiwgCrkQ=
=EXjG
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: services installed and running "out of the box"
  - From: Dale Amon <amon@vnl.com>
- Re: services installed and running "out of the box"
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- services installed and running "out of the box"
  - From: Adam Lydick <adam.lydick@verizon.net>
- Re: services installed and running "out of the box"
  - From: Ryan Underwood <nemesis-lists@icequake.net>
- Re: services installed and running "out of the box"
  - From: "Noah L. Meyerhans" <noahm@debian.org>
- Re: services installed and running "out of the box"
  - From: Dale Amon <amon@vnl.com>
- Re: services installed and running "out of the box"
  - From: Matt Zimmerman <mdz@debian.org>
- Re: services installed and running "out of the box"
  - From: David Wright <d.wright@open.ac.uk>
- Re: services installed and running "out of the box"
  - From: Matt Zimmerman <mdz@debian.org>
- Re: services installed and running "out of the box"
  - From: Dale Amon <amon@vnl.com>

Prev by Date: Re: Verisign does hijack 'country' domains !!!
Next by Date: newest sendmail packages break STARTTLS...
Previous by thread: Re: services installed and running "out of the box"
Next by thread: Re: services installed and running "out of the box"
Index(es):
- Date
- Thread