[CentOS] Re: Unknown rootkit causes compromised servers

Tue Jan 29 16:35:31 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 1/29/2008 8:00 AM Chris Mauritz spake the following:
> Milton Calnek wrote:
>> If you don't like the defaults, get anaconda to change them for you.
>> Or write a script that you run shortly after install to make the 
>> changes for you.
> 
> That would be pretty amazing if at the end (or at the beginning) of the 
> install there was some checkbox that said something to the effect of:
> 
> "Would you like to maintain compatibility with upstream security 
> defaults or would you like to follow our more sensible recommendations 
> instead?"
> 
> And if the user chooses the latter, a much more secure default 
> configuration could be applied.  That might go a long way towards 
> helping non-wizard folks to enjoy some measure of additional protection 
> by default.  Just a thought.
> 
But again, that breaks upstream compatibility.
Besides, all of you know that there are people that click "yes" on every 
dialog box without reading them. I swear that if you added a dialog box that 
stated their firstborn would be sacrificed to the IT gods, and recorded the 
answers, you would get a large percentage of "yes" clicks. And most of those 
would be unintentional.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080129/67e05137/attachment-0005.sig>