On Thu, Jun 30, 2005 at 11:16:18AM +0200, neologix wrote:
> Hi everybody. I hope this question won't be too stupid.
> When I perform a standard installation (i.e. minimal), the installer installs
> many servers, and launches them (like portmap, ssh, exim, etc). Why?
> I think that OpenBSD and FreeBSD, for example, don't launch any daemon at all,
> or at least prompt you before doing that. There must be a reason, but I don't
> see it (I'm not a networking/security guru, so please forgive me if the answer
> is obvious).

It's not obvious, but it is documented, please read:
http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.6
and
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html

Short answer:

- exim - (important priority) required for local mail delivery, if you don't
  configure it to act as a MTA it will only be accessible through 127.0.0.1
  (i.e. it will not be exposed)

- sshd - part of the 'standard' installation. If you don't want standard you
  need to do a minimal install (using the 'expert' mode)

- portmap - standard, needed for some RPC services such as NFS (uncommon) or
  FAM (common in desktop environments). It can be easily configured to listen
  only for localhost queries to reduce exposure (check /etc/default/portmap,
  there is a debconf question to enable/disable in etch and sid). You can also
  prevent it from installing if using expert mode (i.e. if you don't install
  nfs-common either, which is also of 'standard' priority)

That's more or less what you will have in a stock standard installation. If
you use a minimal installation through expert mode you can end up with 0
network services, if you install some task you might end up with _more_
network services (printer service, FAM, web server, etc.). So what you have
actually depends on your choices through the installation process.

Regards

Javier
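
Added example, not part of the original message: a way to check which of the services discussed above are actually reachable from the network, by separating loopback-only listeners (such as exim on 127.0.0.1) from those bound to all interfaces. It assumes the column layout printed by `netstat -tuln` (net-tools); the function name `exposed_listeners` is hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example. Reads `netstat -tuln`-style lines on stdin and prints
# "proto port address" for every listener that is NOT bound to loopback.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }                 # skip the two header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }      # TCP: listening sockets only
        {
            n = split($4, parts, ":")
            port = parts[n]                         # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback: not exposed
            print $1, port, addr
        }'
}

# Constructed sample resembling a stock "standard" install:
# portmap (111) and sshd (22) on all interfaces, exim (25) on loopback only.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN'

printf '%s\n' "$SAMPLE" | exposed_listeners
# On a live system: netstat -tuln | exposed_listeners
```

After restricting portmap to localhost via /etc/default/portmap and restarting it, the port 111 lines should no longer appear in the output.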