Jason Straight wrote:
> I think that for security reasons all network
> services should not be started by default until configured to do so by the
> user no matter what they say the machine is going to be used as. Anyone who
> plans on running a server of any kind should at least know what service they
> need to turn on to do it.
> There are linux zombies all over the place just because so many people
> install bind and didn't even know it was running a caching nameserver and
> never updated their system, then they got cracked.
Hear, hear!
It is also good for a service, when installed, not to turn itself on
automatically during the installation. Some services have default configurations
known to be friable, and it may eventually prove to be that many more are also
friable. Better to spit out a message saying ``enable service with [command]
after configuration, it will not be started automatically util then''.
--
Confidence is the feeling you have before you understand the situation.
