On Saturday 04 November 2006 19:09, Nick Guenther wrote: > Just came across this article: > http://geodsoft.com/howto/harden/OpenBSD/services.htm > > This list has made me skeptical of claims about hardening, especially > when done independantly. In particular, the article says > "The most interesting configuration choice in the default OpenBSD > install is portmap and some of the related RPC services. portmap is on > by default and the comment is that it's "almost always needed". [. . > .] Disregard the "almost always needed" comment. Portmap should not be > running on a machine that is acting as a firewall or public Internet > server such as a web, FTP, or SMTP server." > > So is he right? > > -Nick
It seems that this was written to cover OpenBSD 2.9, and revisied for 3.0. Keeping old sites like this online without a huge disclaimer saying "likely out of date!" seems irresponsible to me. Look at /etc/rc and /etc/rc.conf to see whats going on these days. Always look to see what an author claims about whats going on in OpenBSD before believing what they say... --STeve Andre'