NetBSD Problem Report #53740
From www@NetBSD.org Sun Nov 25 02:40:28 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 767907A1DC
for <gnats-bugs@gnats.NetBSD.org>; Sun, 25 Nov 2018 02:40:28 +0000 (UTC)
Message-Id: <20181125024027.4D2D17A1F0@mollari.NetBSD.org>
Date: Sun, 25 Nov 2018 02:40:27 +0000 (UTC)
From: mayuresh@acm.org
Reply-To: mayuresh@acm.org
To: gnats-bugs@NetBSD.org
Subject: Guideline needed on what services / jobs should be "on" by default
X-Send-Pr-Version: www-1.0
>Number: 53740
>Category: misc
>Synopsis: Guideline needed on what services / jobs should be "on" by default
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Nov 25 02:45:00 +0000 2018
>Last-Modified: Sun Nov 25 08:10:00 +0000 2018
>Originator: Mayuresh
>Release: Not a problem
>Organization:
>Environment:
Not relevant
>Description:
As an example, locate.updatedb is seen ON by default, which does not look as critical against (say) sshd, which needs to be turned on and has many more takers than locate. Generally, explicitly switching something on may be more transparent (except for critical things).
Discussion thread: http://mail-index.netbsd.org/netbsd-users/2018/11/24/msg021730.html
>How-To-Repeat:
Not a problem
>Fix:
A guideline may be made about what jobs / services should be "on" by default in NetBSD and implemented accordingly.
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: misc/53740: Guideline needed on what services / jobs should be
"on" by default
Date: Sun, 25 Nov 2018 09:09:53 +0100
If you look at a freshly installed system (and did not use the sysinst
configure menu to enable additional stuff) you will see

 - NO network facing services enabled by default
   (this is why sshd is off)
 - there are some security audit scripts running every night
 - a few housekeeping jobs are done depending on their importance
   (or expected frequency of changes): newsyslog hourly, calendar daily,
   a few others weekly, like man page index, locate database

All this is tunable.

This all assumes a machine that is always running, which is bad in a world
of notebooks that get powered down or suspended overnight. It works pretty
well for servers.
Martin