Most of the services are controlled by: -drakxservices (sets what runs at boot, basically puts symlinks into the /etc/rc.d/rc.x directories from /etc/rc.d/init.d) -/etc/inetd.conf -/etc/hosts.allow -/etc/hosts.deny The last 3 are identical to the way it is on redhat (except secure by default, whereas before 7.0, redhat was vulnerable by default!) Buchan Greg Stewart wrote: > > My problems began, I think, when I installed MDK7.1 with a security level of > "High". I avoided paranoid, because I felt it would be too limiting. > > No matter what I tried I couldn't get any services to connect from client > machines. > > I tried msec 0 in desperation, and got a little closer: ftp would ask for a > user, but *everything* was refused; ssh, http, etc. were the same way. > > I tore apart the msec scripts as best I could before a massive headache set > in, but I realised that a whole pile of services, files, directories and > other objects were being controlled that I didn't want messed with until I > actually dealt with them. > > Overall, I prefer not having to reverse-engineer a system before I implement > it. Mandrake's msec utility may be a thorough utility, and a rather > effective one at locking the system to prevent intrusion, but I simply found > it to be more of a hassle--to build the server that I needed--than was > useful to me. > > In case you are interested, the gripe I have with MDK7.1 as a desktop OS is > in it's implementation gnome/KDE organisation. I think the best move would > be to get rid of the auto-menu, and use the developer's defaults for the > desktop managers. Locating anything I was used to in other distros was > rather frustrating. Also, helix-gnome (and this may be changing in 7.2) > probably would have been a better choice. > > Please don't take my criticism to mean that I don't like MDK. Or that I'm > attempting to demean the distro in any way. There are flaws with every > distribution of linux these days, and there will be for some time. It is, as > you know, a developing OS. And, not all distributions will be the right > distro for everybody. I know admins that wouldn't dream of using a server > with anything but Debian installed... and personally, I find Debian a little > too confusing for me. > > -Greg > > ----- Original Message ----- > From: "Vincent Danen" <[EMAIL PROTECTED]> > > > On Fri Oct 13, 2000 at 11:48:10PM -0400, Greg Stewart wrote: > > > > > "to say that Mandrake doesn't make a fantastic server is nonsense." > > > > > > I don't believe that's what I said... > > > > No, you're right... I may have said that the wrong way... to me, > > Mandrake makes a fantastic server. Perhaps I should have said "to > > imply" instead of "to say". > > > > I would really like to know why tou think that the security features > > get in the way of your customization/configuration, however. If there > > is something we can fix or enhance, we would like to know about it. I > > have yet to find anything getting in the way of me doing anything I > > want to with the server (unless I set it to paranoid security). I'd > > like to know what your problems (frustration maybe?) with it is, if > > you don't mind. > > > > > > On Fri Oct 13, 2000 at 06:35:45PM -0400, Greg Stewart wrote: > > > > > > > > > Actually, I agree: Don't fix what ain't broke--Red Hat is (still) > > > developed > > > > > as a server OS, where Mandrake makes a better Workstation > OS--although > > > there > > > > > are security features to help "lock down" a Mandrake server that are > > > > > installed in MDK7.1 by default, I have found them to get in the way > of > > > > > customisation/configuration. > > > > -- > > [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net > > // Danen Consulting Services www.danen.net, www.freezer-burn.org > > // MandrakeSoft, Inc. www.linux-mandrake.com > > 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD > > > > Current Linux uptime: 1 day 1 hour 34 minutes. > > > > > > ---------------------------------------------------------------------------- > ---- > > > Keep in touch with http://mandrakeforum.com: > > Subscribe the "[EMAIL PROTECTED]" mailing list. > > > > > ______________________________________________________________________________ > Vous avez un site perso ? > 2 millions de francs à gagner sur i(france) ! > Webmasters : ZE CONCOURS ! http://www.ifrance.com/_reloc/concours.emailif > > ------------------------------------------------------------------------ > Keep in touch with http://mandrakeforum.com: > Subscribe the "[EMAIL PROTECTED]" mailing list. -- |--------------------------------------------------------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone +27824722231 email mailto:[EMAIL PROTECTED] Centre for Automotive Engineering http://www.cae.co.za South Africas first satellite: http://sunsat.ee.sun.ac.za Control Models http://www.control.co.za |----------------Registered Linux User #182071-----------------|
Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.