Feature Request "secure by default"
Andras Simon
szajmi at gmail.com
Sun Jun 10 14:34:28 UTC 2007
On 6/10/07, Rahul Sundaram <sundaram at fedoraproject.org> wrote:
> Andras Simon wrote:
> > On 6/10/07, Manuel Arostegui Ramirez <manuel at todo-linux.com> wrote:
> > [...]
> >> So, talking about Fedora or RH systems, by default the daemon which
> >> listen
> >> for
> >> connections are only the ones you'd choose to install during your
> >> installation process, right?
> >
> > Not quite. I unchecked just about everything (and certainly all
> > servers) during the install. Still, I found a lot of potentially
> > dangerous services running. At some point during the install I said NO
> > for ipv6. Still, I have the ipv6 kernel module loaded, and my nic has
> > an inet6 address. Etc.
>
> Ipv6 is not a daemon or service.
Right, but I think that it is relevant in a discussion about "secure
by default". (I'd be more than happy to be corrected about this.)
> What daemons by default are connecting
> to the network?
Since I disabled them after first boot, I can't name them all. But
rpc, nfs, sendmail were definitely among them. Though they may have
been hidden by the default firewall rules.
Andras
More information about the fedora-list
mailing list