For what it's worth, and without wanting a distro-religious war about it, Mandrake has a variety of security levels, which can be locally configured, and which can allow exactly this sort of behavior:
At high security levels, any new services that get installed (from RPMs) are only allowed from localhost or even, IIRC, services may not even be started by default, neither post-install nor on reboot: you have to set them up manually. Might be worth a look to see how they did it to see if it can be easily implemented on Debian?

On Thu, 25 Sep 2003 10:04, Florian Weimer wrote:
> On Wed, Sep 24, 2003 at 01:42:01PM -0700, Adam Lydick wrote:
> > Is there any effort to reduce the number of services running on a
> > default debian install? For example: a typical workstation user doesn't
> > really need to have inetd enabled, nor portmap (unless they are running
> > fam or nfs -- which isn't enabled by default)
>
> I think it's more important that services only bind to localhost after
> installation (in the default configuration).