By default, IMHO, a system should resist a standard install on a public ip address without being owned within the hour.
If you need hardening, you should always check and know your system. Especially if something says “secure by default”. Wonder how HardenedBSD is doing these days… https://wiki.freebsd.org/Hardening You do want to protect your basic users from themselves to a certain extent. The SSL mess is a mess, but libreSSL hasn’t been spared either. Nevertheless I am sure that the Core Security team is having regular discussions on some defaults. If we can assume that this About blob from the FreeBSD site is it’s mission statement: “””” https://www.freebsd.org/about.html What is FreeBSD? FreeBSD is an operating system for a variety of platforms which focuses on features, speed, and stability. It is derived from BSD, the version of UNIX® developed at the University of California, Berkeley. It is developed and maintained by a large community. “””” The rant is not that justified baring in mind the versatility of FreeBSD. Sincerely, Steve > On 13 Jul 2016, at 10:57, Dan Lukes <d...@obluda.cz> wrote: > > Particular system needs to be tuned according local environment, goal and > requirements. Thus I don't care install-time defaults so much.
signature.asc
Description: Message signed with OpenPGP using GPGMail
