On Sat, Jul 21, 2001 at 02:00:48PM -0700, Jacob Meuser wrote:
> On Sat, Jul 21, 2001 at 12:09:07AM -0800, Ethan Benson wrote:
> > On Fri, Jul 20, 2001 at 07:52:26PM -0700, Tim Uckun wrote:
> > > You really can not blame people for not hiring
> > > "expensive unix sysadmins" and letting some semi competent windows user run
> > > the NT network.
> >
> > oh? and whyever not? it's this blatant irresponsibility that we have
> > such a mess security wise on the internet today.
> >
> Blatant irresponsibility, hmmm ...
>
> Perhaps Debian should follow the example of OpenBSD, and not start
> possibly dangerous services by default. It's really easy to install
> Debian and have all kinds of services running immediately. I doubt
> everyone who is running servers on Debian (by choosing to do so during
> the 'oh so easy' installation) really knows what they're doing.

if you install a service it's expected you want to run it, so if you
don't need it don't install it.

that said nfs-common, nfs-kernel-server, portmap, telnetd, fingerd,
pidentd are all priority standard (in potato; woody downgraded telnetd
and fingerd). this means they will be installed by default unless you
skip tasksel/dselect, or explicitly set them to a deinstall state.

nfs-kernel-server won't start unless there is an export in
/etc/exports though, if that file is empty or all comments the
initscript will simply exit without doing anything. i'm not sure why,
or if it's feasible for nfs-common to do something similar...

telnetd and fingerd are good to see gone. it would be nice if
nfs-common's initscript could tell whether it needs to run or not,
like the nfs-server one does.. portmap is of course fine since it's
totally secure (see list archives).

last i used OpenBSD (2.6) it started portmap and identd by default at
the very least, maybe fingerd too i don't remember for sure.

--
Ethan Benson
http://www.alaska.net/~erbenson/
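The behaviour the message above describes for the nfs-kernel-server initscript (exit without doing anything when /etc/exports is empty or all comments), sketched as an added example. This is not the Debian initscript or code from the thread; the function names `has_active_entries` and `guarded_start` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: start a network daemon only when its configuration file
# holds at least one real entry, so an installed-but-unconfigured package
# does not open a listening service by default.

# has_active_entries FILE  (hypothetical helper)
# Returns 0 if FILE contains a line that is neither blank nor a comment.
has_active_entries() {
    file=$1
    # A missing or unreadable file counts as "not configured".
    [ -r "$file" ] || return 1
    # Match any line whose first non-whitespace character is not '#'.
    grep -q '^[[:space:]]*[^#[:space:]]' "$file"
}

# guarded_start FILE COMMAND...  (hypothetical helper)
# Runs COMMAND only when FILE has active entries. Otherwise it does nothing
# and still returns success, so the boot sequence is not interrupted.
guarded_start() {
    file=$1
    shift
    if has_active_entries "$file"; then
        "$@"
    else
        echo "not starting: no active entries in $file" >&2
        return 0
    fi
}

# Constructed sample: an exports file with only comments and blank lines.
sample=$(mktemp)
printf '# /etc/exports\n\n   # /srv/share 192.0.2.0/24(ro)\n' > "$sample"
guarded_start "$sample" echo "daemon would start here"
rm -f "$sample"
```

In a real initscript the `echo` would be replaced by the daemon's start command and the file argument by the service's own configuration path.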