> > I've just done a "complete" install of Taroon on a scratch box, with
> > iptables firewalling disabled
> Realize at this point you are NO longer talking about securing a "stock"
That's simply not the case. It's an option during the install, hence it's
a stock install. Going beyond a stock install should mean bolting stuff on
after the new machine has come up and is ready for general use.
> You are now running a "custom" install, the responsibility now rests on
> your shoulders. If you remove the installed-by-default air filter from
> your automobile, that is your prerogative. Deal with the consequences.
Removing the installed-by-default air filter is something that happens
after the car arrives in your driveway. What happened above, happened
while the "car" was still in the factory. Sure, the customer asked for
some "special options". In that case, the factory shouldn't break the
"car" just because you asked for options. To use your terminology...
> The stock RH install is secure by default. The firewall created at
> installation time prohibits ALL inbound connection requests except for
> ICMP echo requests (ping).
Which stock install is that? The desktop? The server? Perhaps you mean the
laptop? Or were you talking about the upgrade install?
> I strongly disagree with the claim that very few small and medium
> Linux environments use NFS and instead use Samba.
Agreed. Samba uses SMB locking semantics and NFS uses POSIX locking
semantics. Don't call a plumber to do your brain surgery...
Quantum Linux Laboratories - ACCELERATING Business with Open Technology
* Education | -=^ Ad Astra Per Aspera ^=-
* Integration | http://www.quantumlinux.com
* Support | chuckw(a)quantumlinux.com