
Re: Debian secure by default?



On Fri, May 16, 2008 at 08:20:07PM -0700, Mike Bird wrote:
 
> If you start a service - Apache or FTP or anything else - then you are
> responsible for securing it, whether by passwords or certificates or
> firewalls or otherwise.  It's easy to start a service.  It's not easy
> to secure a service.  Don't start a service until you know how to secure
> it, no matter how easy it is.  This applies to all OS's.

On Debian, if you want to run a service, say ftp, you would choose your
server and install the package so that you can read the docs.  On
Debian, when you do this, does it get installed into a running state or
do you have to configure it first?

If you install the ntp package, it goes active even before you've given
it a specific server to use since it defaults to the pool of servers.  

This is one reason why I run shorewall and have everything closed in all
directions unless I open it.  If I install something, I know right away
if it's started doing anything and can keep it from doing anything until
I'm ready.

In answer to the OP, I think he needs to look at the Debian policy
vis-a-vis the policy that packages work out-of-the-box with standard
configs already done.

Doug.

