Re: Feature Request "secure by default"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



sön 2007-06-10 klockan 16:34 +0200 skrev Andras Simon:
> On 6/10/07, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote:

> > Ipv6 is not a daemon or service.
> 
> Right, but I think that it is relevant in a discussion about "secure
> by default". (I'd be more than happy to be corrected about this.)

I tried to remove the ipv6 module once and found that xinetd needed to
be reconfigured to use v4 instead. (It uses v4 "through" v6 by default,
I think.) There might be other similar cases. So it's not just a matter
of removing the module.

Might be doable though, but I won't do it because I want more v6, not
less. :)

> Since I disabled them after first boot, I can't name them all. But
> rpc, nfs, sendmail were definitely among them. Though they may have
> been hidden by the default firewall rules.

I agree/am of the opinion that the system should be designed as if the
firewall wasn't there. (Think multi-layer security.)

There's a thread about this on fedora-devel-list, with this in the
subject:

 too many deamons by default - F7 test 2 live cd

I don't think there was any agreement of which services could be
disabled by default, though. There's room for improvement here, though.

/abo


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux