> Setup a good default /etc/rc.d/rc.firewall (well commented) which blocks
> spoofing attempts, etc.
Some users (eg: me) still use dial-up - that's why it's better not put
it /etc/rc.d/rc.firewall (maybe I'm wrong though). I have a dial-up
bastion firewall script in my homepage under "Tutorial" section
http://www.cyest.org/tutorials/ppp-security/ ... I think it's a better
idea just to leave the firewall alone and let the user learn it by
himself though.. for example - if you take a look at my script, I have
to get $IPLOCAL and $IPREMOTE first before connecting.. that's why I
didn't put it in /etc/rc.d/rc.firewall - instead in /etc/ppp/ip-up.local
> No users (not even server installs) need httpd, postfix, pop3, imap,, named,
> snmpd, linuxconf, webmin, portmap, netfs, xfs (only for remote X-sessions),
> kheader (?), pcmcia (only for laptops), pretty much all K* services,
> etc until they NEED to use them and they configured them properly.
Except for PCMCIA - Laptop.. maybe it's a good idea if there's a dialog
box asking "Is this a laptop computer or desktop?" (I know I'm silly)
during install..
Here are the services that I enable for myself (an average desktop
user):
apmd, crond, keytable, gpm, lpd, network, syslog, random, xfs, identd
(_required_ for IRC so that you won't be banned from #linux @ Efnet),
and if necessary : USB and IrDA :)
My 5349 cents (tax in Cyberspace) ;)
> My 2+1 cents (tax in Canada) ;)
>
> Thanks... Dan.
--
Prana <[EMAIL PROTECTED]>
http://www.cyest.org
My GnuPG Key ID: 0x33343FD3 (2000-07-21)
Key fingerprint = F1FB 1F76 8866 0F40 A801 D9DA 6BED 6641 3334 3FD3
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x33343FD3
