The default Fedora 14 includes a rule to except all multicast dns:

ACCEPT udp -- 0.0.0.0/0 224.0.0.251 state NEW udp dpt:5353

-Joe

On Thu, May 19, 2011 at 1:49 PM, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> On Thu, 19 May 2011 13:40:47 -0400
> aragonx@xxxxxxxxxx wrote:
>
>> Isn't that only part of the
>> solution? Why would we ever need to have PermitRootLogin to
>> true? My memory is a little rusty but I'm pretty sure the install
>> forces the creation of a user account.
>
> No, it does at firstboot.
>
> If you install a headless machine, you have no way to make a user
> without logging in as root and making one.
>
>> I've never done a
>> headless install so I know nothing about how that works. However, we
>> shouldn't let a minority of installations compromise the security of
>> the majority. As someone has already pointed out, can't they have a
>> different spin to allow whatever they might need?
>
> I think there are solutions to this, but they should be worked with the
> anaconda folks, rather than here. ;)
>
>> Are there any
>> other services that are listening by default and allowed through the
>> firewall? I believe there should be none of either. However, I
>> have been called paranoid in the past. :)
>
> Nope. Not on a default install anymore I don't think...
>
> kevin
>
> --
> security mailing list
> security@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/security