Am 11. Mar, 2002 schwätzte George Toft so:
> What caught my attention was it was running KDE, implying runlevel 5.
> No need to have gpm running in runlevel 5. Yes it was minor, but
Sure there is. I use consoles all the time. More on my laptop than on my
desktop, but gpm certainly can be useful. I still generally don't set it up,
though :).
> Next was portmapper and sendmail. Having sendmail indicates this is
> a mail server. I shy away from having portmapper (or any r* services)
> on any server w/o a good firewall or two between it and the Internet.
I avoid all rpc services like the plague they are :). As I list in my RH
doc, sendmail can be turned off.
> My philosophy is that no machine should rely soly upon a firewall for
> protection - they should be able to stand alone for a short period
> of time in case the firewall is compromised. You do have an Intrusion
Agreed. In this case RH does that by putting a firewall on the box itself.
> includes an IDS. Another opinion: no workstation should accept
> traffic sent to it unless that traffic is a response to something it
> initiated. Third opinion: no production server whould be used as a
> workstation.
I agree as for the work place. For home whatever box I'm on is a workstation
:). Generally, I've only got one or two boxen with X on them, though. I also
run services off them. I can only put up so many boxen and I like to put up
experiments. Then again, all those boxen are behind a firewall and I keep up
with security updates ( apt-get update && apt-get -u dist-upgrade ). ssh
just went in from woody. /me saunters over to the firewall for an update
there as well :).
ciao,
der.hans
--
#
http://home.pages.de/~lufthans/ http://www.DevelopOnline.com/
# Motorraeder toeten nicht. Motorraeder werden getoetet.
(text/plain)