Hi, Michael Rose <[email protected]> writes: > During installation, tasksel gives you the option of including "standard > system > utilities". This group includes nfs-common and rpcbind, which, post > installation, automatically launch daemons that listen on ports. Debian's > default iptables configuration after installation is to allow all connections. > This is a security concern. > > There's no indication to the user that selecting standard system utilities > will > do this. Having a permissive firewall policy by default is fine, provided that > no open ports are running by default as well, but this is not the current > situation. > > Possible solutions: > 1. Do not include these packages in the task
That is the current plan for Debian 9, see [1] and [2]. Ansgar [1] <https://lists.debian.org/debian-devel/2015/05/msg00089.html> [2] <https://bugs.debian.org/788702> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
