[oclug] Workgroup Server
Kirrily Robert
skud at e-smith.com
Thu Mar 1 11:25:41 EST 2001
On Thu, Mar 01, 2001 at 10:16:43AM -0500, Chris Herrnberger wrote:
> On Thursday 01 March 2001 09:52, you wrote:
>
>
> > Sure, it's not the only distro that'll do what he wants, but it's
> > probably the only one that'll have him up and running with a working,
> > secure system in about an hour.
>
> Interesting, can you provide some details on the security features that come
> out of the box (or freedownload) as standard on the distro/package.
The e-smith distribution comes "out of hte box" (or off the download
site) with all unnecessary services removed. Outside logins are
disabled by default. Services come pre-configured with suitable
security settings. IP masquerading provides a basic level of security
to machines behind the e-smith gateway, and TCP wrappers are enabled.
The web interface used for most systems administration tasks is
configured to only allow access from the local network. In forthcoming
versions, it will allow external access over https. The web email
interface (which is, of course, disabled by default until you decide
you need it) also runs over https.
Where certain pieces of software (eg sendmail) have been the subject of
just too many security advisories, they have been replaced by other
software less known for its holes (eg qmail).
There's an answer to the question "How secure is the e-smith server and
gateway? is it a firewall?" in the FAQ, at
http://www.e-smith.org/faq.php3#q4 (hrm... some of those answers need
updating...)
Hope that's useful to you.
K.
--
Kirrily "Skud" Robert
skud at e-smith.com (work)
skud at infotrope.net (home)
More information about the OCLUG
mailing list