FreeBSD - a lesson in poor defaults?

Steve Clement steve at localhost.lu
Wed Jul 13 09:28:22 UTC 2016


By default, IMHO, a system should resist a standard install on a public IP address without being owned within the hour.

If you need hardening, you should always check and know your system.
Especially if something says “secure by default”.
Wonder how HardenedBSD is doing these days… https://wiki.freebsd.org/Hardening

You do want to protect your basic users from themselves to a certain extent.

The SSL mess is a mess, but LibreSSL hasn’t been spared either.

Nevertheless I am sure that the Core Security team is having regular discussions on some defaults.

If we can assume that this About blob from the FreeBSD site is its mission statement:

“””” https://www.freebsd.org/about.html
What is FreeBSD?
FreeBSD is an operating system for a variety of platforms which focuses on features, speed, and stability. It is derived from BSD, the version of UNIX® developed at the University of California, Berkeley. It is developed and maintained by a large community.
“”””

The rant is not that justified bearing in mind the versatility of FreeBSD.

Sincerely,

Steve


> On 13 Jul 2016, at 10:57, Dan Lukes <dan at obluda.cz> wrote:
> 
> A particular system needs to be tuned according to local environment, goal and requirements. Thus I don't care about install-time defaults so much.
