On Tue, 26 Aug 2003, Dax Kelson wrote:
> On Mon, 2003-08-25 at 09:27, rhldevel(a)assursys.co.uk wrote:
> > Which local processes? We've already heard about sgi_fam, and we already
> > know about NIS and NFS, but is this really worth leaving it listening on
> > external interfaces in a _default_ install?
> You are forgetting what you yourself stated in the message that started
> this whole thread.
> You said, "I've just done a "complete" install of Taroon on a scratch
> box, with iptables firewalling disabled."
> We/you are NOT talking about a _default_ install.
> The whole premise for this entire discussion is flawed.
Read one of my later posts where I explain that I believe that a number of
inexperienced users will disable the firewall either fearing it will cause
unknown breakage, or leave it as "something to configure once I've got the
Regardless, through experience, I'm a firm believer in defense-in-depth, and
nothing will change that belief.
I think I've said all I can on the topic now. Red Hat can choose to do
whatever they wish, and I'll continue to disable unnecessary services
regardless of whether they're firewalled. But if they continue to ship OSs
with unnecessary services running, they may end up regretting this
discussion... (not a threat, just a prediction - my hat is white!)