[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
tcp wrappers not enabled by default...?
OpenBSD's secure by default philosophy is one of the reasons which got
me interested in the first place. I've been wondering, though, why the
tcpwrapper isn't enabled by default. One might argue that the default
setting with ssh doesn't really need it. But wouldn't it make more sense
to ship a default configuration that uses the wrapper and includes tight
hosts.allow/access files? If s.o. decided to enable telnet, for example,
he/she would just have to loosen permissions on /etc/hosts.allow instead
of manually setting up the tcp wrapper themselves to tighten security.
Of course this is just a matter of tweaking a few configuration files,
nevertheless I think it would further underline the notion of "(more)
secure" when it comes to default configuration. Just a thought -
apologies if it sounds stupid :)