"Nick Guenther" <[EMAIL PROTECTED]> writes:

> This list has made me skeptical of claims about hardening, especially
> when done independently. In particular, the article says
> "The most interesting configuration choice in the default OpenBSD
> install is portmap and some of the related RPC services. portmap is on
> by default and the comment is that it's "almost always needed". [. .

The article looks quite dated. The copyright notice at the bottom extends to 2006, but that particular article looks like it could not have been updated much since around the time of the OpenBSD 3.0 release. The article treats PF as an untested newcomer, and the references to rc.conf and inetd.conf content do not match with any recent OpenBSD release (the oldest I have running is 3.9).

A word of caution to people who take it upon themselves to write docs: When you don't feel like maintaining the material any longer, *PLEASE* have the decency to remove it from the net, unless of course you can arrange for somebody else to update your baby and keep it up to date and useful. Otherwise you will find that something you wrote and may very well have been valid and useful at the time turns into a real pain for others.

The point he's trying to make about running only the services you know you need is valid, though.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds