ons 2007-03-21 klockan 15:00 -0400 skrev Chris Lumens: > firstboot already uses system-config-securitylevel to provide a screen > for setting this stuff up. The default configuration on regular > installs is ssh enabled, SELinux enforcing. I have to admit I haven't been able to test F7 yet. Is this the same screen as in FC6, where you're not actually selecting whether to have sshd on or off but rather how the firewall is set up? Because I think it's much more important to make sure the system is secure (by default and after admin's changes) even without the firewall than to set the firewall "just right". So the "SSH or not" setting should control the service, not the firewall. <Rant> :) The firewall is an extra protection, and in some cases a workaround for broken software where it can't be made secure any other way. (Let's say you can't figure out how to make your local caching nameserver listen only on loopback, so you firewall the port instead.) The same way, if the system is insecure when SELinux is off, then it's a bug or configuration error. It's just an extra precaution, not where the actual security is supposed to be. /abo -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
