RH Taroon Beta Open Ports

Dax Kelson Dax at GuruLabs.com
Tue Aug 26 07:52:38 UTC 2003


On Mon, 2003-08-25 at 05:50, rhldevel at assursys.co.uk wrote:
> Hi -
> 
> I've just done a "complete" install of Taroon on a scratch box, with
> iptables firewalling disabled

Realize at this point you are NO longer talking about securing a "stock"
install.

You are now running a "custom" install, the responsibility now rests on
your shoulders. If you remove the installed-by-default air filter from
your automobile, that is your prerogative. Deal with the consequences. 

The stock RH install is secure by default. The firewall created at
installation time prohibits ALL inbound connection requests except for
ICMP echo requests (ping).

The firewall created at install time allows ALL outbound connection
requests initiated by the host to work with no problems (this was not
the case in previous RHL versions).

There is an extremely simple UI for the user to manually ENABLE selected
inbound connection requests while leaving the rest of the firewall
intact.

I strongly disagree with the claim that very few small and medium business
Linux environments use NFS and instead use Samba. 

Leave my daemons required for client-side NFS running by default please.

I'm all for security in depth; however, a tunnel-vision approach to this
results in the end game of setting your default runlevel to 0.

Dax Kelson
Guru Labs