Fedora default services (was: F15 Feature - convert as many service init files as possible to the native SystemD services)
Michał Piotrowski wrote on Mon, 06. 12. 2010 at 20:22 +0100:
> 2010/12/6 Bill Nottingham <notting@redhat.com>:
> Does openssh stand out as something special among other daemons?

Actually, it does - for remote installations (sometimes the only option) ssh needs to be running after installation so that the system administrator can connect to it and start configuring it. Other services are not necessary like this.

(Yes, the system administrator can write a kickstart script that enables the service after installation. I'm not sure that's something we can ask a novice sysadmin to do, however.)

Mirek

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote:
> Cron - but should be activated only when cron files exist
>
> It seems to me that the list:
> - ssh
> - Dbus
> - syslog
> - iptables
> - ip6tables
> - auditd
> - restorecond
> is an absolute minimum to get "working system".

I don't agree that ssh is required for a "working system". A desktop user may never ssh to his/her own machine. (Whether to enable ssh by default is a different question.)

--
Matt

On Tue, 2010-12-07 at 01:07 +0100, Michał Piotrowski wrote:
> 2010/12/7 Matt McCutchen <matt@mattmccutchen.net>:
> > On Tue, 2010-12-07 at 00:38 +0100, Michał Piotrowski wrote:
> >> Cron - but should be activated only when cron files exist
> >>
> >> It seems to me that the list:
> >> - ssh
> >> - Dbus
> >> - syslog
> >> - iptables
> >> - ip6tables
> >> - auditd
> >> - restorecond
> >> is an absolute minimum to get "working system".
> >
> > I don't agree that ssh is required for a "working system".
>
> It's required for all systems without display device

That is, some servers. It needs to be easy to enable sshd when installing a server, but I don't see a reason to have it enabled by default on desktops.

--
Matt

Adam Williamson wrote on Mon, 06. 12. 2010 at 17:57 -0800:
> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
> > > There are no stupid questions :)
> >
> > On most desktop systems firewall is not needed. Many users do not even
> > know how to configure it. In fact I disable it in most of my systems,
> > because there is no real use for it. So I asked a simple question
> > whether there is a need to install iptables by default?
>
> On most laptops, however, which are the most common types of system sold
> today, a firewall is very definitely needed when you're connecting to
> hotel networks, public wifi access points...

It's not quite as clear as that. Yes, the networks are dangerous. But what specifically is the firewall protecting, and what specifically does it prevent?

Mirek

On Mon, 2010-12-06 at 17:57 -0800, Adam Williamson wrote:
> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
> > > There are no stupid questions :)
> >
> > On most desktop systems firewall is not needed. Many users do not even
> > know how to configure it. In fact I disable it in most of my systems,
> > because there is no real use for it. So I asked a simple question
> > whether there is a need to install iptables by default?
>
> On most laptops, however, which are the most common types of system sold
> today, a firewall is very definitely needed when you're connecting to
> hotel networks, public wifi access points...

We're trying to get beyond that conventional wisdom and look at what services might actually get unintentionally exposed in the absence of a firewall and whether there is some other solution (e.g., don't enable them by default, or bind to localhost).

https://lists.fedoraproject.org/pipermail/devel/2010-December/146758.html

--
Matt

On Mon, 2010-12-06 at 20:08 -0600, Chris Adams wrote:
> Once upon a time, Adam Williamson <awilliam@redhat.com> said:
> > On most laptops, however, which are the most common types of system sold
> > today, a firewall is very definitely needed when you're connecting to
> > hotel networks, public wifi access points...
>
> The only thing you need a firewall by default for is to prevent services
> that are listening on the network from being accessible. The better
> solution is to stop having services listen on the network by default.
>
> This was done for sendmail many years ago; why hasn't it been done for
> other things, such as rpcbind (and RPC services), cups, etc.? These
> daemons should bind to localhost only unless otherwise configured.

In the cups case it might probably be reasonable to default to localhost. However for rpcbind it is clearly not so - what's the point of starting things that are mostly needed for NFS when you would be able to mount only NFS provided by the localhost and export it to the localhost only as well. In that sense it is debatable whether we want to have rpcbind ON by default but having it on and bind to localhost only does not make any sense to me.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
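
Added example (not part of any message in this thread): the question raised above, which services are actually reachable in the absence of a firewall, can be answered by classifying listening sockets by bind address. This Python sketch parses output in the format of `ss -tuln`; the sample lines are constructed and the function names are illustrative.

```python
import ipaddress

# Constructed sample in the format printed by `ss -tuln` (not from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      128             [::]:111           [::]:*
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (address, port)."""
    host, _, port = field.rpartition(":")
    # Drop a %interface scope first, then the brackets around IPv6 addresses.
    host = host.split("%", 1)[0].strip("[]")
    return host, port

def is_loopback_only(host):
    """True only for loopback binds; wildcard or unparseable counts as exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # e.g. "*" (all addresses) or an unknown form
        return False

def classify_listeners(ss_output):
    """Return (exposed, local_only) lists of (proto, address, port) tuples."""
    exposed, local_only = [], []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue            # header line or unrelated socket type
        host, port = split_local(cols[4])
        bucket = local_only if is_loopback_only(host) else exposed
        bucket.append((cols[0], host, port))
    return exposed, local_only

if __name__ == "__main__":
    exposed, local_only = classify_listeners(SAMPLE_SS_OUTPUT)
    for proto, host, port in exposed:
        print(f"reachable from the network: {proto} {host}:{port}")
    for proto, host, port in local_only:
        print(f"loopback only:              {proto} {host}:{port}")
```

In the constructed sample, sshd (22) and rpcbind (111) are bound to wildcard addresses and so depend on a firewall, while the mail and printing listeners on 25 and 631 are bound to loopback only.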