Feature Request "secure by default"
Andras Simon
szajmi at gmail.com
Sun Jun 10 15:04:56 UTC 2007
On 6/10/07, Rahul Sundaram <sundaram at fedoraproject.org> wrote:
> Andras Simon wrote:
>
> >
> > Right, but I think that it is relevant in a discussion about "secure
> > by default". (I'd be more than happy to be corrected about this.)
>
> I can't see how it is relevant. It isn't a daemon and it doesn't connect
> to the network. If you did disable it and it was turned that is indeed a
> bug that not one that really affects security.
Not even in terms of open ports (whatever they're called in ipv6 parlance)?
In that case, it can just as well stay enabled as far as I'm concerned.
>
> What daemons
> >> by default are connecting
> >> to the network?
> >
> > Since I disabled them after first boot, I can't name them all. But
> > rpc, nfs, sendmail were definitely among them. Though they may have
> > been hidden by the default firewall rules.
>
> The services you quote don't connect to network by default. For example,
> sendmail is by default configured to connect only to the localhost. It
> is enabled only to deliver log files to the root user and you have to
> explicitly configure it to connect to the network. The default firewall
> configuration does block it too.
This is good to know.
Thanks,
Andras
More information about the fedora-list
mailing list