Re: secure installation
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
thus defeat the purpose). A default firewall simply can't work,
even if we
had some way to implement it perfectly for all packages (without
breaking
any, which we undoubtedly would).
It all depends on context - I agree that a default firewall for
"debian" is stupid, but if you look at the way an OpenBSD box looks
when the default install is done, that is my ideal. I happen to
prefer the way thing generally are done in debian, but on the initial
install, OpenBSD whips any other OS I've seen. It has pf on by
default and only allows SSH connections. Ideal.
Would that be a good idea for a workstation? No - nightmare. Is it a
good idea for a server? Yes absolutely. Servers, unless they are
packaged appliance distros or subdistros, should always have the bare
minimum of services and allow SSH only by default.
$.000002
_a
- --
alex black, founder
the turing studio, inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFGydOsAHZuLuydb2YRAuAsAJ4gdXkilHb7NNUBnC5uKpYoG6VIJACdFZTK
Azi/tVYEPnuIAwLX/atPaE8=
=DJ5Y
-----END PGP SIGNATURE-----
Reply to: