
tcp wrappers not enabled by default...?



Hi,


OpenBSD's secure by default philosophy is one of the reasons which got
me interested in the first place. I've been wondering, though, why the
tcpwrapper isn't enabled by default. One might argue that the default
setting with ssh doesn't really need it. But wouldn't it make more sense
to ship a default configuration that uses the wrapper and includes tight
hosts.allow/access files? If someone decided to enable telnet, for example,
he/she would just have to loosen permissions on /etc/hosts.allow instead
of manually setting up the tcp wrapper themselves to tighten security.

Of course this is just a matter of tweaking a few configuration files,
nevertheless I think it would further underline the notion of "(more)
secure" when it comes to default configuration. Just a thought -
apologies if it sounds stupid :)

cheers,
-Marcos