On Sun, 22 Jul 2001, Steven Barker wrote: > > On Sat, Jul 21, 2001 at 08:51:23PM -0700, Jacob Meuser wrote: > > <snip> > > > No, I'm simply saying not to start services immediately. > > <snip> > > Well, I'm going to wade into this growing flamewar to point out what I think > is a sound idea. The trouble with the current system is that installed > daemons automatically start running with a default configuration. This is > not always bad, but does not allow a paranoid sysadmin to protect themselves > (short of ugly workarounds like taking down the network interface until the > server is shut off). > > I think that there should be a way to install a debian server packages > without having the installation scripts start the server. This need not be > default, but it should be possible. >
I think this is a great idea, also, if dpkg / apt showed what servers were being setup to run after the initial install, it could be saved to a file. This would also assist if there was a break-in and a new server running you could check against your original list. > I'm sure there are many ways this could work. Perhaps: > > [EMAIL PROTECTED]:/etc# apt-get install --no-run apache > > would download, install and configure apache, but not run it. When the > sysadmin was satisfied with the configureation files, etc, then update-rc.d > and such could be run by hand (or by another call to apt-get/dpkg with > another flag). One option here would be a simple [y/n] question whether or not to run the new service automatically as part of the package install. --snip-- Colin. -- Colin Johnson [EMAIL PROTECTED] Remember: Everything you see on screen is but ones and zeroes.
