[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Create a canned "Firewall Build"?
That's a good one. A firewall shouldn't have any user accounts (besides
and on a firewall you shouldn't run anything besides nat and pf.
Otherwise it wouldn't
be a firwall anymore.
I'm kind of afraid to hear next that somebody is running smbd/nmbd on
his firewall :-)))
> >> Each user's files by default can be read by another user. Change
> >> umask.
> > irrelevant to system security. so what if joe can read john's
> > that's no closer to root. the only umask that matters is root. and
> > you're messing around as root, you should triple check everything
> > anyway.
> if this is supposed to be a distribution of OpenBSD for firewalls, why
> would it have a bunch of users on the system whom you have to play