NetBSD Problem Report #53740

From www@NetBSD.org  Sun Nov 25 02:40:28 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 767907A1DC
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 25 Nov 2018 02:40:28 +0000 (UTC)
Message-Id: <20181125024027.4D2D17A1F0@mollari.NetBSD.org>
Date: Sun, 25 Nov 2018 02:40:27 +0000 (UTC)
From: mayuresh@acm.org
Reply-To: mayuresh@acm.org
To: gnats-bugs@NetBSD.org
Subject: Guideline needed on what services / jobs should be "on" by default
X-Send-Pr-Version: www-1.0

>Number:         53740
>Category:       misc
>Synopsis:       Guideline needed on what services / jobs should be "on" by default
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 25 02:45:00 +0000 2018
>Last-Modified:  Sun Nov 25 08:10:00 +0000 2018
>Originator:     Mayuresh
>Release:        Not a problem
>Organization:
>Environment:
Not relevant
>Description:
As an example, locate.updatedb is seen ON by default, which does not look as critical against (say) sshd, which needs to be turned on and has many more takers than locate. Generally, explicitly switching something on may be more transparent (except for critical things).

Discussion thread
http://mail-index.netbsd.org/netbsd-users/2018/11/24/msg021730.html
>How-To-Repeat:
Not a problem
>Fix:
A guideline may be made about what jobs / services should be "on" by default in NetBSD and implemented accordingly.

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: misc/53740: Guideline needed on what services / jobs should be
 "on" by default
Date: Sun, 25 Nov 2018 09:09:53 +0100

 If you look at a freshly installed system (and did not use the sysinst
 configure menu to enable additional stuff) you will see

  - NO network facing services enabled by default
    (this is why sshd is off)

  - there are some security audit scripts running every night

  - a few housekeeping jobs are done depending on their importance
    (or expected frequency of changes): newsyslog hourly, calendar daily,
    a few others weekly, like man page index, locate database 

 All this is tunable.

 This all assumes a machine that is always running which is bad in a world
 of notebooks that get powered down or suspended over night. It works pretty
 well for servers.

 Martin
