On Thu, 2002-09-05 at 18:06, Robert Fox wrote: > On Thu, 2002-09-05 at 13:53, Pixel wrote: > > [EMAIL PROTECTED] (Robert Fox) writes: > > > > > Could someone please explain why an average user would need the > > > following services running as default: > > > > > > rwhod > > > saslauthd > > > ipvsadm > > > > Could someone please explain why an average user would have those > > packages installed by default > > > > is the real question i would ask. > > > > The descriptions are not very clear for these services - and I perform > only an "expert" install and choose just the Server option for SSH, etc. > > > > Also, if someone NEVER uses NFS - it is safe to turn off portmap, nfs > > > and nfslock . . . > > > > wrong. portmap is used by fam. > > > I have been stopping portmap as a service for quite some time and > nothing seems to complain (fam never choked!) > > > If you don't want nfs server, don't install nfs-utils (i agree the > > package name is not really good) > > > Maybe there should be better documentation on what are the "critical" or core >services which are absolutely necessary - and a good description of the rest so >someone could make the right decisions! > > Thx, > R.Fox > > I agree with Fox's general comments, how about a workstation/server option during setup? Or, how about something like lock down workstation? It would be incorporated into the security settings and firewall setup. The general philosophy should be the defaults should be the most secure. Just take a look at MS for lazy security attitude AND the problems that result.
For one, I get annoyed disabling X Server's listening port which is not needed on a workstation. There is a ritual I go through in locking down my workstation every time I install Mandrake. (e.g., like limiting CUPS to local access). As for fam it complains if portmap is disabled when you su but that is it. Gabriel
