On Sun, Oct 03, 1999 at 02:59:38AM -0400, Rick wrote: > I'm uncertain whether this is a good idea or not. I have helped many > people install redhat linux and, frankly, the daemon enable screen > confuses them. They don't know what all these things are or which ones > they may need. If this gets implemented at least have an obvious "enable > default daemons" button.
Agreed, this is a problem with Red Hat's implementation. We should ask the user what kind of policy they want to have for network services. We should inform them that there's a small risk that remote users may compromise their machine if they enable network services, but that in some situations the machine would be worthless without such services. We should present a couple examples (http, remote login), present the basic options (no network services on by default, most network services on by default, choose on a service by service basis), and we should give them a command to use after the install is complete that lets them see what network services are in use and what package is responsible for them, and a reference to how to find documentation in the variety of formats a package could supply it in (man, info, /usr/{,share}/doc, --help or -h, documentation embedded in configuration files, or for the really desperate: documentation embedded in programs) I'm not sure whether is such a reference about documentation. I'm sure there's no such reference about associating packages with network sockets. It would be possible to write such a thing, based on lsof -F -i -n, but maybe it's better to teach everyone how to use lsof (run lsof as root, teach about the +M option, egrep for '(UDP).*(LISTEN|\*)'), use dpkg -S to find package associated with a program. -- Raul