sön 2007-06-10 klockan 16:34 +0200 skrev Andras Simon: > On 6/10/07, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote: > > Ipv6 is not a daemon or service. > > Right, but I think that it is relevant in a discussion about "secure > by default". (I'd be more than happy to be corrected about this.) I tried to remove the ipv6 module once and found that xinetd needed to be reconfigured to use v4 instead. (It uses v4 "through" v6 by default, I think.) There might be other similar cases. So it's not just a matter of removing the module. Might be doable though, but I won't do it because I want more v6, not less. :) > Since I disabled them after first boot, I can't name them all. But > rpc, nfs, sendmail were definitely among them. Though they may have > been hidden by the default firewall rules. I agree/am of the opinion that the system should be designed as if the firewall wasn't there. (Think multi-layer security.) There's a thread about this on fedora-devel-list, with this in the subject: too many deamons by default - F7 test 2 live cd I don't think there was any agreement of which services could be disabled by default, though. There's room for improvement here, though. /abo
