Re: secure installation

To: debian-security@lists.debian.org
Subject: Re: secure installation
From: Russ Allbery <rra@debian.org>
Date: Wed, 15 Aug 2007 21:34:19 -0700
Message-id: <[🔎] 87ps1ogks4.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 2e4e9dbd0708151223q2f88f8e1m7689fb2912ca16fd@mail.gmail.com> (paparsoss@gmail.com's message of "Wed, 15 Aug 2007 14:23:06 -0500")
References: <[🔎] 2e4e9dbd0708151223q2f88f8e1m7689fb2912ca16fd@mail.gmail.com>

Pat <paparsoss@gmail.com> writes:

>  1) No firewall setup during the install process, as it would be a simple
>  matter to run lokkit at the end of the install I fail to see why this is
>  not done.

A default install should simply not listen to the network, at which point
a firewall is pointless complexity.  I believe portmap is already
listening only to localhost and inetd doesn't run if there are no services
enabled.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: secure installation
  - From: Michel Messerschmidt <lists@michel-messerschmidt.de>

References:
- secure installation
  - From: Pat <paparsoss@gmail.com>

Prev by Date: Re: secure installation
Next by Date: Re: [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities
Previous by thread: Re: secure installation
Next by thread: Re: secure installation
Index(es):
- Date
- Thread