On Tue, 6 Mar 2001, Prana wrote:
>Since last year I've been saying "Turn off services by default" for more
>than 10 times. Now I read a review in ActiveWin.com about LM 7.2 being a

I agree. Last time I installed cooker (MDK8.0b) I had to turn most of
the services off. It was not enough, because I had to reconfigure the
rest of the services anyway. Or do you like NFS server running in
your server without any shared directories? Result: you have no
service and one extra source of exploits.

The only network server I know to be useful right after the installation
is sshd, and even it should be configured not to allow root logins.

>(developers) listened to me? Users, being Linux newbies, have all
>promiscuous services running, and if they forget to run Mandrake Update
>they will get hacked. They don't even know what a daemon is, so why
>bother turning all NFS server on? Why not just give a message box after

And those who are power users (with direct connection to the
network) turn all the services off until they have corrected
the corresponding configurations and updated the packages.
So why bother to keep the services on by default?!?

>And in 8.0 there's an install option that asks them about what services
>they want to run. For God's sake, they're Windows-convert users, how can

Like I said, the only question which I want to hear is:
"Do you like to run SSH daemon to permit logins from the network?"

When it comes to Aurora, amd, anacron, atd, harddrake, etc., etc.,
I'm not sure what to do with them. Any ideas?

>default_*. This is because Mandrake have ALL services running, at least
>it is for the development version. I don't know how many times I've told
>Mandrake developers to turn it off by default, and they NEVER listen to

This brings us to the next question. Why does the installer have to install
all the services, even if I don't need them? Those servers should
not be installed, because if they are not there in the first place,
they cannot be exploited either.

BTW: why do I have wu-ftpd, proftpd (added by myself), tftp-server and
anonftp installed at the same time?

And why is dhcpd running by default? Last time I updated my server
to Mandrake 7.2 I missed the check box and the whole 130.232.134.*
subnetwork went mad for a couple of hours! And this just because of
an old configuration file which wasn't even used before the update
(the dhcp daemon wasn't running!). Luckily enough I noticed fast
enough that the server which was not supposed to run was running
and blocking the internet access from over 50 people by giving
false addresses and netmasks for each of them!

I hope you learn the lesson here and disable all the services by
default. I don't care if someone who is testing the system in
his own private network wants to save a minute of his time by
running all the services by default. You can really mess up the
whole subnetwork by your way of doing things.

>course it is, since it includes stuff like GIMP, XMMS, etc. However,
>I've personally never used useless stuff like xmame and xmess
>which takes a lot of hard-drive space and they're in the default
>selection of install. I never run tin, xrn, or other old and ugly news

Agreed too.

> people don't like services turned on by default, it's useless, trust me.

And dangerous too. Someone might send a bomb to the idiot (read
developer) who thought that turning the services on by default
would be a good idea.


Regards,
  Matias


