Mailing List Archive



Re: [tlug] Auto-detect



>>>>> "Josh" == Josh Glover <tlug@example.com> writes:

    Josh> You have a point, though I have not heard of autorun in the
    Josh> Linux world.  Maybe I am just being blissfully ignorant?

I haven't either, but I don't hang out in those circles.  But the Mac
had it first, you will recall, and they haven't given it up.

    Josh> As far as I am concerned, having no net-facing services on
    Josh> is the *only* secure-out-of-the-box step that distros can
    Josh> reasonably take.

1.  Make it hard to turn on insecure services (telnet, ftpd).
2.  Provide secure settings when people decide to turn them on
    (no anonftp by default).
3.  Provide sane configurations for secure services (ssh) by
    default so they work out of the box, and people are less tempted
    to use the insecure ones.
4.  Install some basic security tools by default (logcheck, for example).
5.  For services with multiple implementations, provide simple,
    relatively secure implementations (postfix vs sendmail, vftpd vs
    wu-ftpd) by default, with locked-down configurations.
6.  Provide a working, locked-down firewall configuration by default.
7.  Don't allow root to have a password less than 38 characters long,
    all of them 3-finger-chords.  ;-)
8.  Don't allow root to send mail or browse the web.  ;-)

etc.  I could go on, but I'm getting silly.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
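
A check in the spirit of the "no net-facing services" point and items 1 and 2 of the list, as an added example that is not part of the original post: it reads listening sockets in the layout printed by `ss -tln` and reports anything bound beyond loopback, failing on the cleartext services the post names. The sample input is constructed, and the function names and FAIL/WARN labels are this example's own.

```python
import ipaddress

# Cleartext services the post calls insecure (telnet, ftpd), on their default ports.
INSECURE_PORTS = {21: "ftp", 23: "telnet"}

# Constructed sample in the layout printed by `ss -tln` (not captured from a real host).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      32     *:21               *:*
LISTEN 0      128    [::]:23            [::]:*
LISTEN 0      5      [::1]:631          [::]:*
"""

def is_loopback(host):
    """True if the bind address is reachable only from the local machine."""
    host = host.split("%")[0].strip("[]")  # drop any %iface scope, then IPv6 brackets
    if host == "*":                        # wildcard bind: every interface
        return False
    return ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return (severity, host, port, note) for each listener that is net-facing."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                       # header or non-listening row
        # Split on the last colon so IPv6 addresses keep their own colons.
        host, _, port = fields[3].rpartition(":")
        port = int(port)                   # numeric because of the -n flag
        if is_loopback(host):
            continue                       # local-only services are not net-facing
        if port in INSECURE_PORTS:
            findings.append(("FAIL", host, port, INSECURE_PORTS[port] + " exposed"))
        else:
            findings.append(("WARN", host, port, "net-facing listener"))
    return findings

if __name__ == "__main__":
    for severity, host, port, note in audit(SAMPLE):
        print(f"{severity} {host}:{port} {note}")
```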

