By default, IMHO, a system should resist a standard install on a public ip
address without being owned within the hour.
If you need hardening, you should always check and know your system.
Especially if something says ?secure by default?.
Wonder how HardenedBSD is doing these days? https://wiki.freebsd.org/Hardening
You do want to protect your basic users from themselves to a certain extent.
The SSL mess is a mess, but libreSSL hasn?t been spared either.
Nevertheless I am sure that the Core Security team is having regular discussions
on some defaults.
If we can assume that this About blob from the FreeBSD site is it?s mission
statement:
???? https://www.freebsd.org/about.html
What is FreeBSD?
FreeBSD is an operating system for a variety of platforms which focuses on
features, speed, and stability. It is derived from BSD, the version of UNIX?
developed at the University of California, Berkeley. It is developed and
maintained by a large community.
????
The rant is not that justified baring in mind the versatility of FreeBSD.
Sincerely,
Steve
> On 13 Jul 2016, at 10:57, Dan Lukes <dan at obluda.cz> wrote:
>
> Particular system needs to be tuned according local environment, goal and
requirements. Thus I don't care install-time defaults so much.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:
<http://lists.freebsd.org/pipermail/freebsd-security/attachments/20160713/0a4a161d/attachment.sig>