Tim Haynes <[EMAIL PROTECTED]> writes:

> "Noah L. Meyerhans" <[EMAIL PROTECTED]> writes:
>
> And let's not forget that plenty enough people don't know all 3 obvious
> commands for finding a process responsible for a given listener, or don't
> have `head /etc/services` in short-term memory, or why 53/tcp is a Bad
> Thing, etc...

Just a minor nit: 53/tcp is *not* inherently bad. Blocking it breaks some DNS functionality.

> Yes. I've seen the question `should one aim for secure by default?' before
> and never made up my mind; there is a `false complacency' argument to be
> wary of, of course, but I'm now pretty much decided that one should aim for
> as secure as possible if only to stop things spreading through people's
> incompetence.

I agree with this. Sysadmins should also be wary of legacy services that "have always been there" in Unix. A lot of that cruft follows us around just by tradition. What I would really like Debian to do when installing services is to *not* start them by default. Just install all the files, but make init scripts not run unless edited.

-sami.