Feature Request "secure by default"

Simon Jolle urandomdev at gmail.com
Sun Jun 10 13:11:44 UTC 2007


Hi list

After default installation of Fedora 7 too much network daemons listen
for incoming connections. I admit, that those services are closed by
iptables rules (default only accept inbound SSH connection).

Additionally if you install supplement software by using "yum", those
daemons get enabled right after installation.

OpenSolaris have quite a good solution to deal with security vs
comfort. See the "Secure by Default" project [0]

Is there a chance to have in Fedora and RHEL a secure by default
installation? What do you developers think about this issue? Any pro
and cons to implement this?

[0] http://www.opensolaris.org/os/community/security/projects/sbd/

with regards
Simon




More information about the fedora-list mailing list