Re: Debian secure by default?
On Fri, May 16, 2008 at 08:20:07PM -0700, Mike Bird wrote:
> If you start a service - Apache or FTP or anything else - then you are
> responsible for securing it, whether by passwords or certificates or
> firewalls or otherwise. It's easy to start a service. It's not easy
> to secure a service. Don't start a service until you know how to secure
> it, no matter how easy it is. This applies to all OS's.
On Debian, if you want to run a service, say ftp, you would choose your
server and install the package so that you can read the docs. On
Debian, when you do this, does it get installed into a running state or
do you have to configure it first?
If you install the ntp package, it goes active even before you've given
it a specific server to use since it defaults to the pool of servers.
This is one reason why I run shorewall and have everything closed in all
directions unless I open it. If I install something, I know right away
if it's started doing anything and can keep it from doing anything until
I'm ready.
In answer to the OP, I think he needs to look at the Debian policy
vis-a-vis the policy that packages work out-of-the-box with standard
configs already done.
Doug.
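
Added example, not part of the message above: one way to see whether a freshly installed package went straight into a listening state is to diff socket snapshots taken before and after the install. This complements, and does not replace, the default-closed firewall described above. It assumes snapshots in `ss -H -tuln` format; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Compare listening sockets before and after a package install.
# On a live host each snapshot would come from:  ss -H -tuln > before.txt
export LC_ALL=C   # comm(1) needs both inputs sorted in the same collation

# Reduce `ss -H -tuln` output to "proto addr:port scope", sorted and unique.
# Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port
listeners() {
    awk 'NF >= 5 {
        scope = ($5 ~ /^(127\.|\[::1\])/) ? "loopback" : "exposed"
        print $1, $5, scope
    }' "$1" | sort -u
}

# Print listeners present in AFTER ($2) but not in BEFORE ($1).
new_listeners() {
    nl_b=$(mktemp) || return 1
    nl_a=$(mktemp) || { rm -f "$nl_b"; return 1; }
    listeners "$1" > "$nl_b"
    listeners "$2" > "$nl_a"
    comm -13 "$nl_b" "$nl_a"
    rm -f "$nl_b" "$nl_a"
}

# Constructed sample snapshots (not captured from a real host).
sample_before() { cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
EOF
}
# Same host after installing an NTP daemon that starts on install.
sample_after() { sample_before; cat <<'EOF'
udp   UNCONN 0      0          127.0.0.1:123       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:123       0.0.0.0:*
udp   UNCONN 0      0               [::]:123          [::]:*
EOF
}

demo_b=$(mktemp); demo_a=$(mktemp)
sample_before > "$demo_b"; sample_after > "$demo_a"
new_listeners "$demo_b" "$demo_a"   # lists the three new UDP/123 sockets
rm -f "$demo_b" "$demo_a"
```

Lines marked `exposed` are bound to a non-loopback address and are the ones a default-closed firewall policy would need to cover until the service is configured.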