On 02/25/2018 09:52 PM, @lbutlr wrote:
Really? What runs services automatically? The last time I setup freeeBSD 11.1
(last month) it wasn't even running sshd until I specifically enabled it.
There are other distributions of POSIX-compliant operating systems.
(Let's forego the religious war about *BSD, please.) Depending on the
options selected at install time, those options may indeed launch an
outside-facing service, such as DNS, or use Remote Procedure Call
protocol (RPC).
That means that a sysadmin new to a particular distribution may not be
aware of the defaults built into the installer, or where there is a
variety of options the defaults for each installer option.
In my $DAYJOB I used CentOS, and sometimes am astonished what Red Hat
thinks is "important". Mint has a different set of "why?" services it
installs by default.
By starting with the absolute minimum system install, and adding only
what is absolutely necessary, the sysadmin keeps the astonishment factor
to a minimum.
(There I go, using the word "astonish" again.)
I would suspect that a large number of PostFix admins are running
systems on hardware where disk space is not an issue, and the firewall
blocks the worst of the resulting attack service. Defense in depth says
that you block the socially inconsiderate in multiple places, and not
put your faith solely in firewalls and such.
"Place Not Your Faith in an Ace Kicker." -- _Number of the Beast_,
Robert Heinlein, 1980
