On 2013-05-07 00:52:03 +0800, Thomas Goirand wrote: > On 05/06/2013 10:08 PM, Christoph Anton Mitterer wrote: > > The usually come only with a default config which may not be hardened > > enough for the local system, and that short time may already be enough > > for an attacker to attack. > If the default config isn't hardened enough, fix the default config.
This can be fine for some daemons/servers. For instance, for a web server, displaying a default web page is harmless. But what about a mail server? Any default config would probably lead to loss of mail if things like virtual alias domains are used. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130506200036.ga16...@xvii.vinc17.org
