Re: Safety while network install.
On Mon, Nov 21, 2011 at 04:34:26PM +0000, Curt wrote:
> On 2011-11-21, Osamu Aoki <osamu@debian.org> wrote:
> >
> > But seriously, Debian is configured as a quite secure system at any time
> > unless you make stupid configuration yourself. So it is quite safe.
> >
>
> Would you be so kind as to explain to me what ports/services are
> open and listening on a default install of Debian Squeeze (if any) and if there
> are any security implications for the novice user or "hardening" to be
> performed on a default install (in relation to listening daemons)?
Anyway, read good source.
http://www.debian.org/doc/user-manuals#securing
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
> I got rid of avahi and another daemon that opened listening ports because I
> didn't know what those services were exactly, what purpose they served,
> or whether they presented any kind of danger to my security. (I think
> the other service was portmap, now that I come to think of it).
http://en.wikipedia.org/wiki/Avahi_(software)
http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution
It gives you multicast DNS/DNS-SD service discovery. hostname IP
resolution on LAN without DNS.
Just do not run if you do not need it. task-desktop pulled in via
recommends to avahi-daemon so you can remove it easily.
> I remember in the past the xserver would listen by default (at least on
> some linuxes), but now the default apparently is not to listen, which is
> a good thing, though it took a while to get there.
Anyway, checking it yourself for your system is good idea than asking
such thing in general sense.
Osamu
Reply to: