Re: services installed and running "out of the box"
On Mon, Sep 29, 2003 at 12:06:43AM -0400, Phillip Hofmeister wrote:
> On Fri, 26 Sep 2003 at 12:53:26PM -0400, Dale Amon wrote:
> > Precisely. One cannot just install the packages and services
> > one wants. One must step outside the package system to fix
> > the problem, and continue to do so thereafter in the future.
> >
> > A major port service should not be installed on a system
> > unless I specifically request its presence. There are too
> > many packages which require things which they do not
> > actually require.
>
> I would consider implementing an iptables firewall (whether it be
> shorewall or home brewed (if you know what you are doing)) to be a bare
> minimum for best-practices.
>
> Unfortunately (unlike RedHat and Mandrake) Debian offers no firewall as
> part of the default installation.
>
> My advise, have a good generic firewall shell script and use it and
> place it in /etc/rc(S|2).d/ of every system you install.
I do that as well. I also try to minimize exposure to the outside
during the install if at all possible. I'd really like a simple means
of turning services on and off in a distribution standard, dpkg/debconf
understood way. It's one thing in the Redhat boot I like better than
Debian.
There is another common case I'd not mentioned. Since I do a lot
of development work, I tend to have a *lot* of servers installed
on my laptop, ready to run, but only when I need them. I do this
entirely manually at present. I'd like to have the option of installing
a package and marking it to not be started or run at boot time.
Just because I want it available does not at all mean I want it
running all the time.
Reply to: