RH Taroon Beta Open Ports

Chuck Wolber chuckw at quantumlinux.com
Tue Aug 26 19:17:30 UTC 2003


> > I've just done a "complete" install of Taroon on a scratch box, with
> > iptables firewalling disabled
> 
> Realize at this point you are NO longer talking about securing a "stock"
> install.

That's simply not the case. It's an option during the install, hence it's 
a stock install. Going beyond a stock install should mean bolting stuff on 
after the new machine has come up and is ready for general use.


> You are now running a "custom" install, the responsibility now rests on
> your shoulders. If you remove the installed-by-default air filter from
> your automobile, that is your prerogative. Deal with the consequences.

Removing the installed-by-default air filter is something that happens
after the car arrives in your driveway. What happened above, happened
while the "car" was still in the factory. Sure, the customer asked for
some "special options". In that case, the factory shouldn't break the
"car"  just because you asked for options. To use your terminology...


> The stock RH install is secure by default. The firewall created at
> installation time prohibits ALL inbound connection requests except for
> ICMP echo requests (ping).

Which stock install is that? The desktop? The server? Perhaps you mean the 
laptop? Or were you talking about the upgrade install?


> I strongly disagree with claim that very few small and medium business
> Linux environments use NFS and instead use Samba.

Agreed. Samba uses SMB locking semantics and NFS uses POSIX locking
semantics. Don't call a plumber to do your brain surgery...


-Chuck


-- 
Quantum Linux Laboratories - ACCELERATING Business with Open Technology
   * Education			| -=^ Ad Astra Per Aspera ^=-
   * Integration		| http://www.quantumlinux.com
   * Support			| chuckw at quantumlinux.com





More information about the devel mailing list