[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Create a canned "Firewall Build"?

To: <misc@openbsd.org>
Subject: Re: Create a canned "Firewall Build"?
From: "Peter" <peter@easynix.com>
Date: Thu, 21 Feb 2002 08:55:44 -0500
References: <Pine.BSO.4.40.0202210043550.17376-100000@heorot.stanford.edu> <391162892.1014279008@[192.168.0.3]>

That's a good one. A firewall shouldn't have any user accounts (besides
your own)
and on a firewall you shouldn't run anything besides nat and pf.
Otherwise it wouldn't
be a firwall anymore.
I'm kind of afraid to hear next that somebody is running smbd/nmbd on
his firewall :-)))
Peter

> >> Each user's files by default can be read by another user.  Change
the
> >> umask.
> >
> > irrelevant to system security.  so what if joe can read john's
files?
> > that's no closer to root.  the only umask that matters is root.  and
if
> > you're messing around as root, you should triple check everything
you do
> > anyway.
>
> if this is supposed to be a distribution of OpenBSD for firewalls, why
> would it have a bunch of users on the system whom you have to play
nanny
> to?
>
> --Matt

Follow-Ups:
- Re: Create a canned "Firewall Build"
  - From: Steve Lincoln <slinco01@studentweb.providence.edu>
- Re: Create a canned "Firewall Build"?
  - From: Richard Welty <rwelty@averillpark.net>

References:
- Re: Create a canned "Firewall Build"?
  - From: Ted U <grendel@heorot.stanford.edu>
- Re: Create a canned "Firewall Build"?
  - From: Matt Rowley <matt@streampipe.com>

Prev by Date: Re: Create a canned "Firewall Build"?
Next by Date: Re: Create a canned "Firewall Build"
Prev by thread: Re: Create a canned "Firewall Build"?
Next by thread: Re: Create a canned "Firewall Build"
Index(es):
- Date
- Thread