On Sunday, September 1, 2019 4:13:10 AM MST mcatanzaro(a)gnome.org wrote:
> On Sat, Aug 31, 2019 at 6:37 PM, Nico Kadel-Garcia <nkadel(a)gmail.com> wrote:
> > If 30 years in DevOps and system security in both large and small
> > networks count for anything, this makes *complete* sense. The
> > distinction between a "Workstation" deployment and a "Server" or
> > "Everything" deployment should not include leaving the Workstation
> > completely vulnerable to the most casual script kiddie attacks after
> > they install *any* services, especially including MySQL, DNS, Samba,
> > or Tomcat, Jenkins, or anything else.
> Well that's why installed network services are disabled by default in
> Fedora, unless the package receives an exception from FESCo. This isn't
> Debian where installing a package is expected to result in the service
> being up and running. If you 'systemctl start' your service and the
> firewall breaks it, that's just annoying.
> Michael
There is not a single service in Fedora that is broken by the firewall
running. You simply have to open the port before it can be accessed from a
remote system, which is by design. Basic access control, a security feature.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/