MacOS X (Was Code Red mutated? (fwd))
E. Larry Lidz
ellidz at eridu.uchicago.edu
Tue Aug 7 15:00:22 GMT 2001
Paul L Schmehl writes:
>Again, with the exception of OpenBSD (and now Mac OS X), I'm not aware of
>an OS that ships by default with all services *off*.
Just to comment, briefly, on this: I've just started looking at
MacOS X, and it does ship with a fair number of services turned on
(my experimenting has been with OS X Server, so client might be a
bit better). In particular, it runs portmapper (which, actually,
OpenBSD does, too), a few NetInfo daemons, NFS/Automounter, and some
administrative daemons that might or might not be network accessable --
I haven't looked enough yet to be sure.
The MacOS X Server Admin program doesn't seem to work if you use a UFS
file system instead of an HFS+ file system. That's the GUI which allows
you to turn off some of these services (and also has a GUI front end to
Darren Reed's IPFilter).
Further, while you can enable/disable services by editing
/etc/hostconfig (I think it was) and /etc/watchdog.conf, there are
a bunch of services which you need to go in and modify the startup
scripts to prevent them from starting. The startup scripts are hidden in
/Library somewhere -- I forget where off the top of my head.
It's my belief that client is a bit better about this sort of thing,
but I'm yet to be comforted that MacOS X isn't going to cause serious
problems. I know enough people who, when given the oportunity to choose
between "server" and "client" will automatically choose "server" as it
appears more full featured.
That said, the OS update/patch program is really quite nice -- even
easier to use than Windows Update.
More information about the unisog