Warner Losh wrote:
>
> In message <[EMAIL PROTECTED]> Peter Wemm writes:
> :
> : In a dedicated server role, again it might be appropriate to default
> : it to "open" (dedicated server being something like a squid box),
> : again there will be a couple of sysadmin type users or people who
> : have to monitor things. Hiding information gains nothing there
> : either.
>
> I disagree with this, but that is because I've rarely seen a totally
> dedicated server. A simple fileserver that does nothing else would
> want to be open in this respect since few people have accounts.
>
> : In other roles, including something like a shell server box with presumably
> : hostile users (you reasonably have to assume this), you want everything you
> : possibly can to be locked down.
>
> Firewall, dialup boxes, dns servers, etc. are good candidates to be
> locked down.

Firewall, web, dns, news, etc. servers are good candidates to be open because
there should not be any "normal" user accounts on them, only administration
accounts. And darned few of those. I think this is what Peter was getting
at.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
[EMAIL PROTECTED] http://softweyr.com/