On Sunday, 10 June 2007 15:11, Simon Jolle wrote:
> Hi list
>
> After default installation of Fedora 7 too many network daemons listen
> for incoming connections. I admit, that those services are closed by
> iptables rules (default only accept inbound SSH connection).

That's actually what OpenBSD does.
So, talking about Fedora or RH systems, by default the daemons which listen for connections are only the ones you'd choose to install during your installation process, right?

> Additionally if you install supplement software by using "yum", those
> daemons get enabled right after installation.

I guess if someone is installing a daemon by using yum, it means it really needs it, which leads us to suppose this user knows what he's doing and why, no one runs "yum install proftpd" by accident, uh?
And furthermore, if this user decides to install the daemon it means he's gonna use it, so not enabling it after the yum installation won't make any difference, IMHO.

> OpenSolaris has quite a good solution to deal with security vs
> comfort. See the "Secure by Default" project [0]

Again, like OpenBSD :-)

> Is there a chance to have in Fedora and RHEL a secure by default
> installation? What do you developers think about this issue? Any pros
> and cons to implement this?

It is, actually, as long as you install only daemons you're gonna use and enable SELinux.

That's my opinion,
Cheers
Manuel

--
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.