[buug] Linux Security Site

Rick Moen rick at linuxmafia.com
Mon Feb 14 15:02:15 PST 2000

Quoting ezekielk at iname.com (ezekielk at iname.com):

[Linux distributions tend to default to an insecure state]

> That is too bad, considering how many computer users would *like to
> dump Windoze, and switch to Linux w/minimal hassle. But once I master
> Linux, I can get some of these folks running their own Linux box with
> solid security.

Unfortunately, they have to do this in the name of market acceptance.
Why?  Because security is inconvenient.

Imagine a Linux distribution that installs by default in a fairly
locked-down fashion:  All network daemons are turned off initially.
All lines in /etc/inetd.conf are initially commented out.  There are
no CGI scripts in the system cgi-bin directory.  /etc/hosts.deny has
everything disabled, and /etc/hosts.allow initially allows localhost
only.  Most services that require suid-root binaries aren't even
installed.  Even root-owned libraries aren't installed unless crucially

The system forces all users to change passwords monthly, and doesn't
allow selection of passwords that fail quality tests.  A cron job mails 
a daily report on security-sensitive system activity, and the system
doesn't allow directing that mail to a "root" account whose may not get

There's no NIS or NFS.  (They're security weak points.)  The network
daemons installed -- even though initially disabled -- are chosen for
their minimal, conservative nature, rather than for full functionality:
E.g., you have exim or postfix instead of sendmail, pftpd instead of 
wuftpd or proftpd, and boa instead of Apache.

The system installation forces the user to compile a new kernel from
recent kernel revisions, and (somehow) forces the user to compile a 
monolithic kernel instead of a modular one.

The installer also forces installation and configuration of AIDE
(Tripwire's successor), OpenSSH, GNUPG, and COPS.  COPS is run monthly
by cron job.  "telnetd" is present only as a symlink to sshd.

This distribution would default to a fairly secure state, but (1) would
be a pain in the ass for non-paranoid sysadmins to deal with, and (2) 
would appear to trail the competition in any checklist comparison of 

So, the distributions don't do this because they can't afford to.
That's why they ship with over-featured network daemons like wuftpd and
proftpd instead of more-modest, more-secure alternatives, and why they
make it easy to shoot system security in the foot -- because to do
otherwise would be to deprive people of what they think they want.

Cheers,                Linux:  It is now safe to turn on your computer.
Rick Moen
rick (at) linuxmafia.com
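
Added example, not part of Rick Moen's message: a Python audit that checks the three files the post names (/etc/inetd.conf, /etc/hosts.deny, /etc/hosts.allow) against the locked-down baseline it describes. The function names and sample file contents are constructed for illustration, and only localhost and 127.0.0.1 are assumed to count as local.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1"}  # assumption: the only clients counted as local

def _rules(text):
    """Yield lines that are neither blank nor commented out."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def _tokens(field):
    return [t for t in re.split(r"[\s,]+", field) if t]

def _wrapper_rules(text):
    """Parse 'daemons : clients [: option]' into (daemons, clients) token lists.
    Bracketed IPv6 clients are mis-split on ':' and so get reported, which errs safe."""
    for line in _rules(text):
        fields = line.split(":")
        if len(fields) >= 2:
            yield _tokens(fields[0]), _tokens(fields[1])

def active_inetd_services(inetd_conf):
    """Service names on lines of inetd.conf that are not commented out."""
    return [line.split()[0] for line in _rules(inetd_conf)]

def denies_everything(hosts_deny):
    return any(d == ["ALL"] and c == ["ALL"] for d, c in _wrapper_rules(hosts_deny))

def nonlocal_allows(hosts_allow):
    """(daemons, client) pairs in hosts.allow that admit more than loopback."""
    return [(",".join(d), t) for d, c in _wrapper_rules(hosts_allow)
            for t in c if t not in LOOPBACK]

def audit(inetd_conf, hosts_deny, hosts_allow):
    findings = [f"inetd.conf: '{s}' is enabled" for s in active_inetd_services(inetd_conf)]
    if not denies_everything(hosts_deny):
        findings.append("hosts.deny: no 'ALL: ALL' rule")
    findings += [f"hosts.allow: {d} open to '{c}'" for d, c in nonlocal_allows(hosts_allow)]
    return findings

# Constructed sample file contents, not taken from any real system.
SAMPLE_INETD = "#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd\n" \
               "telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n"
SAMPLE_DENY = "# default deny\nALL: ALL\n"
SAMPLE_ALLOW = "ALL: localhost\nsshd: 192.168.1. 10.0.0.5\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INETD, SAMPLE_DENY, SAMPLE_ALLOW)))
```

An empty findings list means the three files match the baseline; to audit a live system, pass the contents of the real files to audit() instead of the samples.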