IMHO I can agree with most of the statements written down in this text. I can not understand why I need ntpd or sendmail activated in default installations. If I want to setup a time server or a mail server with further abilities I can install them later on. Most of the installations don't need such features. I don't think that the majority of servers do need threaded AES-CTR or NONE ciphers also. For me a installation should be a minimum set of features and a secure one as well. For all further things I need to know what I want and can install them. This has nothing to do with:
>If you need hardening, you should always check and know your system. because also if you don't need hardening you should always check and know your system. >I assume the virgin installed system will be ready to be remotely >configured (e.g. sshd running, no firewall). This will be as well with minimum sshd configuration and firewall activated. >If we can assume that this About blob from the FreeBSD site is it’s mission >statement: “””” >https://www.freebsd.org/about.html What is FreeBSD? FreeBSD >is an operating system for a variety of >platforms which focuses on features, >speed, and stability. It is derived from BSD, the version of >UNIX® deve… And thats the problem, there is no word about security in this mission statement, but maybe it should be there in the actual word. Just my 2 cents _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
