Andras Simon wrote:
Right, but I think that it is relevant in a discussion about "secure
by default". (I'd be more than happy to be corrected about this.)
I can't see how it is relevant. It isn't a daemon and it doesn't connect
to the network. If you did disable it and it was turned that is indeed a
bug that not one that really affects security.
What daemons
by default are connecting
to the network?
Since I disabled them after first boot, I can't name them all. But
rpc, nfs, sendmail were definitely among them. Though they may have
been hidden by the default firewall rules.
The services you quote don't connect to network by default. For example,
sendmail is by default configured to connect only to the localhost. It
is enabled only to deliver log files to the root user and you have to
explicitly configure it to connect to the network. The default firewall
configuration does block it too.
Rahul