On Mon, Sep 29, 2003 at 12:06:43AM -0400, Phillip Hofmeister wrote:
> On Fri, 26 Sep 2003 at 12:53:26PM -0400, Dale Amon wrote:
> > Precisely. One cannot just install the packages and services
> > one wants. One must step outside the package system to fix
> > the problem, and continue to do so thereafter in the future.
> >
> > A major port service should not be installed on a system
> > unless I specifically request its presence. There are too
> > many packages which require things which they do not
> > actually require.
>
> I would consider implementing an iptables firewall (whether it be
> shorewall or home brewed (if you know what you are doing)) to be a bare
> minimum for best-practices.
>
> Unfortunately (unlike RedHat and Mandrake) Debian offers no firewall as
> part of the default installation.
>
> My advice, have a good generic firewall shell script and use it and
> place it in /etc/rc(S|2).d/ of every system you install.

I do that as well. I also try to minimize exposure to the outside
during the install if at all possible.

I'd really like a simple means of turning services on and off in a
distribution standard, dpkg/debconf understood way. It's one thing in
the Redhat boot I like better than Debian.

There is another common case I'd not mentioned. Since I do a lot of
development work, I tend to have a *lot* of servers installed on my
laptop, ready to run, but only when I need them. I do this entirely
manually at present.

I'd like to have the option of installing a package and marking it to
not be started or run at boot time. Just because I want it available
does not at all mean I want it running all the time.