On 2013-05-07 00:52:03 +0800, Thomas Goirand wrote: > On 05/06/2013 10:08 PM, Christoph Anton Mitterer wrote: > > The usually come only with a default config which may not be hardened > > enough for the local system, and that short time may already be enough > > for an attacker to attack. > If the default config isn't hardened enough, fix the default config.
This can be fine for some daemons/servers. For instance, for a web server, displaying a default web page is harmless. But what about a mail server? Any default config would probably lead to loss of mail if things like virtual alias domains are used. -- Vincent Lefèvre <[email protected]> - Web: <http://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
