RH Taroon Beta Open Ports

Howard Owen hbo at egbok.com
Mon Aug 25 16:04:48 UTC 2003


Why not configure portmapper to listen on localhost, then have the
services (mountd, ypserv, etc.) that need it enable listening on the 
wire when they start? You'd need a cooperative arrangement whereby the
init scripts would shut down external portmapper if they were the last
service that needed it on service shutdown.

Of course, you can argue that an admin that is configuring NFS
or NIS should understand the security implications and other 
requirements of these services, but we don't live in a perfect world.

and therefore be able to 
On Mon, 2003-08-25 at 08:45, rhldevel at assursys.co.uk wrote:
> On Mon, 25 Aug 2003, Bill Nottingham wrote:
> 
> > rhldevel at assursys.co.uk (rhldevel at assursys.co.uk) said: 
> > > Which local processes? We've already heard about sgi_fam, and we already
> > > know about NIS and NFS, but is this really worth leaving it listening on
> > > external interfaces in a _default_ install?
> > 
> > Set up a firewall, as is the default in the install...
> 
> Certainly, and allowing easy configuration of Linux's IP filtering
> functionality at install time was a very responsible move by RH.
> 
> But to a lot of naïve users, firewalls are deeply technical things, that
> they worry will interfere with normal usage. As a result, I believe a number
> of such users will install with the firewall disabled, or stop it when
> attempting to get things working - perhaps never to (re-)enable it. Having
> things like X11, portmapper and rpc.statd listening on an external interface
> is asking for trouble, IMHO.
> 
> > Bill
> 
> Best Regards,
> Alex.
> 
> 
> --
> Rhl-devel-list mailing list
> Rhl-devel-list at redhat.com
> http://www.redhat.com/mailman/listinfo/rhl-devel-list
-- 
Howard Owen                      "Even if you are on the right
EGBOK Consultants                 track, you'll get run over if you
hbo at egbok.com    +1-650-339-5733  just sit there." - Will Rogers
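
An added example, not part of the original thread: one way to audit the concern raised above, listing TCP listeners bound to something other than loopback from a table in `/proc/net/tcp` layout. The sample table is constructed, the port-to-name map is an assumption, and the address decoding assumes IPv4 on a little-endian host; rpc.statd has no fixed port, so it would show up as "unknown".

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00A8C0:0016 0100A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

LISTEN = "0A"  # TCP_LISTEN state code as printed in the st column
# Assumed labels for the fixed ports named in the thread.
KNOWN = {111: "portmapper", 6000: "X11"}


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_quad, port).

    The kernel prints the IPv4 address as a host-order 32-bit word, so on a
    little-endian machine the bytes appear reversed (0100007F is 127.0.0.1).
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def external_listeners(table):
    """Return (ip, port, label) for each listening socket not bound to loopback."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:
            continue  # established or other non-listening sockets
        ip, port = decode_addr(cols[1])
        if ip.startswith("127."):
            continue  # loopback-only listeners are not reachable from the wire
        found.append((ip, port, KNOWN.get(port, "unknown")))
    return found


if __name__ == "__main__":
    for ip, port, name in external_listeners(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port} ({name}) is listening on a non-loopback address")
```

On a live Linux host, pass the contents of `/proc/net/tcp` to `external_listeners` instead of the sample.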




