Chmouel Boudjnah wrote:
>
> Prana <[EMAIL PROTECTED]> writes:
>
> > I will be really glad if most of the unnecessary services are turned off
> > for default install, including but not limited to, inetd daemon. It
> > minimizes or prevents the chance any attacks such as Denial of service
> > and buffer overflow. Let's take a look at the last big security problem:
> > rpc.statd and wu-ftpd, 2 stuff that was turned on by default install.
> > Redhat finally decides to turn off services by default in 7.0 and let
> > the user selects it. I think this has some advantages:
> > - It speeds up the boot process
> > - Reduce some memory consumption
> > - Prevents unexpected crack
>
> and what about for the new users when he doing a {gk}ftp host where he
> expect to work like for all others unixes/linux-distro.
>
> > Other reasons why I am requesting this to be turned off is that I find a
> > lot of newcomers from Windows don't even know what a daemon is, and even
> > when DrakConf has made it super easy, some of them don't really get it.
> > I find a lot of people don't even update the packages that have security
> > problem because they don't even want to read the book too much (this is
> > what most average users are).
>
> Doen't know what a daemon but know they can connect on his machines..
>
> > Mandrake is generally stable, except that there are some packages that
> > might still be in Beta and can cause lock up (only in X-Windows - you
> > can easily Ctrl-Alt-Backspace -- but newcomers from Windows might not
> > know about this), thus reducing the stability. I really hope that
> > Mandrake 7.2 is really stable so that newcomers from Windows won't
> > switch back. Linux has a good reputation of stability, and I really hope
> > that it will last for Mandrake and all other distros too :-)
>
>From a security standpoint I believe there are way too many daemons
running after a default install. Nmap yourself after a default install
and you'll see what I mean. In a normal install the only services that
need to be running by default are really telnet, ftp, and mayb a secure
login. I think cfengine made it on somehow in the install, which I
promptly removed due to the security notices on BugTraq... Call me
paranoid, but I think a new user would be better off learning to turn on
the services rather than having to clean up after an intrusion into
his/her system.
~Tim
[EMAIL PROTECTED]
