Hi,

This is a good thing - but for those who expect a new installation to
provide the same services as an earlier installation (non techie users)
will be confused.  How about some option during installation to make a
'secure' installation - disabling 90-100% remote services that are
either a security consideration (rsh/rlogin) and others which are rarely
used (comsat/talk etc) and those that should really be configured first
(ftp) and those which should be restricted (telnet).
Could this lead to more security related installation-configuration
options?

summary:
 user option to make a more secure installation


my 0.02c worth

-M

Erik Fair wrote:
> 
> We have "shell" (rsh) and "login" (rlogin) turned on by default in
> /etc/inetd.conf. I think this is a bad default. I filed a PR on this
> issue some months ago, but there's been no movement. I can obviously
> commit the change to comment them out myself, but I want some
> discussion before I "just do it".
> 
> This is going to tech-net rather than tech-security because I think I
> can guess that the security mavens (among whom I most often count
> myself) are supportive of such a change; I wanted a little wider
> exposure to people who are network mavens.
> 
> What do you all think?
> 
>         Erik <fair@clock.org>