IMHO I can agree with most of the statements written down in this text. I can
not understand why I need ntpd or sendmail activated in default installations.
If I want to setup a time server or a mail server with further abilities I can
install them later on. Most of the installations don't need such features. I
don't think that the majority of servers do need threaded AES-CTR or NONE
ciphers also. For me a installation should be a minimum set of features and a
secure one as well. For all further things I need to know what I want and can
install them. This has nothing to do with:
>If you need hardening, you should always check and know your system.
because also if you don't need hardening you should always check and know
your system.
>I assume the virgin installed system will be ready to be remotely
>configured (e.g. sshd running, no firewall).
This will be as well with minimum sshd configuration and firewall activated.
>If we can assume that this About blob from the FreeBSD site is it?s mission
statement: ???? >https://www.freebsd.org/about.html What is FreeBSD? FreeBSD
is an operating system for a variety of >platforms which focuses on features,
speed, and stability. It is derived from BSD, the version of >UNIX? deve?
And thats the problem, there is no word about security in this mission
statement, but maybe it should be there in the actual word.
Just my 2 cents