[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure installation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
thus defeat the purpose). A default firewall simply can't work, even if we had some way to implement it perfectly for all packages (without breaking 
any, which we undoubtedly would).
It all depends on context - I agree that a default firewall for "debian" is stupid, but if you look at the way an OpenBSD box looks when the default install is done, that is my ideal. I happen to prefer the way thing generally are done in debian, but on the initial install, OpenBSD whips any other OS I've seen. It has pf on by default and only allows SSH connections. Ideal.
Would that be a good idea for a workstation? No - nightmare. Is it a good idea for a server? Yes absolutely. Servers, unless they are packaged appliance distros or subdistros, should always have the bare minimum of services and allow SSH only by default. 

$.000002

_a


- --
alex black, founder
the turing studio, inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGydOsAHZuLuydb2YRAuAsAJ4gdXkilHb7NNUBnC5uKpYoG6VIJACdFZTK
Azi/tVYEPnuIAwLX/atPaE8=
=DJ5Y
-----END PGP SIGNATURE-----
Reply to: