Re: Is this mail list dead?
On Tue, Mar 13, 2001 at 04:18:42PM +1100, Neale Banks wrote:
> "filter by application" could indeed be a bit tricky - and security is
> often (always?) easier to maintain in "simple" systems.
I really like LIDS (www.lids.org) because it allows you to give certain
applications the ability to bind to a port. You could allow the duly
authorized system daemons CAP_BIND (running as a normal user) but nothing
else could bind to any port anywhere.
> On a more down-to-earth level, how many distros can run out of the box
> without inetd? Or at least without portmapper?
The vast majority *can* (and should) but none, to my knowledge, do. I had
a few go-arounds via email with the folks at RedHat a month or so ago when
that incredibly embarrassing (and entirely RedHat's fault) worm came about
a while back. They assured me that their next distribution would be
running few daemons out of the box.
--
Tracy Reed http://www.ultraviolet.org
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/