Am 11. Mar, 2002 schwätzte George Toft so:

> What caught my attention was it was running KDE, implying runlevel 5.
> No need to have gpm running in runlevel 5.  Yes it was minor, but

Sure there is. I use consoles all the time. More on my laptop than on my
desktop, but gpm certainly can be useful. I still generally don't set it up,
though :).

> Next was portmapper and sendmail.  Having sendmail indicates this is
> a mail server.  I shy away from having portmapper (or any r* services)
> on any server w/o a good firewall or two between it and the Internet.

I avoid all rpc services like the plague they are :). As I list in my RH
doc, sendmail can be turned off.

> My philosophy is that no machine should rely soly upon a firewall for
> protection - they should be able to stand alone for a short period
> of time in case the firewall is compromised.  You do have an Intrusion

Agreed. In this case RH does that by putting a firewall on the box itself.

> includes an IDS.  Another opinion: no workstation should accept
> traffic sent to it unless that traffic is a response to something it
> initiated.  Third opinion: no production server whould be used as a
> workstation.

I agree as for the work place. For home whatever box I'm on is a workstation
:). Generally, I've only got one or two boxen with X on them, though. I also
run services off them. I can only put up so many boxen and I like to put up
experiments. Then again, all those boxen are behind a firewall and I keep up
with security updates ( apt-get update && apt-get -u dist-upgrade ). ssh
just went in from woody. /me saunters over to the firewall for an update
there as well :).

ciao,

der.hans
-- 
#  http://home.pages.de/~lufthans/   http://www.DevelopOnline.com/
#  Motorraeder toeten nicht. Motorraeder werden getoetet.