
Re: secure by default



Speaking of apache...is the version of apache that comes with openbsd
modified to work "more secure", or is it just a default apache install...?


Josh

On Fri, 31 May 2002, Al Lipscomb wrote:

> > being a relative newbie to openbsd and having done my first
> > install just last week i have a question.
> >
> > the default install as far as i am aware gives you a box that
> > just has sshd listening and not much (if anything else). i am
> > looking to use openbsd in a variety of ways one being an
> > intranet server, so to do this i need to switch on apache,
> > install php and possibly mysql.
> >
> > my question is with those services now switched on (apache,
> > php & mysql) how secure is my openbsd box now? compared to my
> > slackware / red hat / apple box?
> >
> > my thoughts are yes you can say the default install is tight
> > as a duck's arse but if you want to do anything useful
> > (apache, samba, named, etc.), is it as secure (or unsecure) as
> > any other operating system.
> >
>
>
> Hard question to answer. If you stayed with the defaults you are OK.
> The more changes you make the more chances of a problem.
>
> I would ask what do your PF rules look like?
>
> By making sure nothing but the traffic you desire hits the services on
> the box you reduce the chances that an exploit is exposed.
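
Added example, not part of the original thread: a minimal pf.conf for the intranet server described above, written in current OpenBSD pf syntax, that admits only SSH and HTTP from the local network and gives MySQL no inbound rule at all. The interface name `em0` and the range `192.168.1.0/24` are assumptions; substitute your own.

```conf
# /etc/pf.conf (constructed example; values below are assumptions)
ext_if   = "em0"              # assumed network interface
intranet = "192.168.1.0/24"   # assumed intranet address range

# Loopback traffic is not filtered, so PHP can reach MySQL on 127.0.0.1
set skip on lo

# Default deny: anything inbound that is not explicitly passed is
# rejected and logged to pflog0
block return in log all

# Outbound connections from the box itself are allowed (stateful)
pass out all

# Only intranet hosts may reach sshd (22) and Apache (80)
pass in on $ext_if inet proto tcp from $intranet to ($ext_if) port { 22 80 }

# No rule for MySQL (3306): it stays unreachable from the network
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.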