great advice. I always do that when I install a box: add ssh/sshd, then go through/etc/inetd.conf and the output of "ps axuww" and disable anything I don't need, and restrict things by IP (like relaying capabilities, if you use a local MTA). for large organizations, it makes sense to turn ports off at the router, but a well installed Linux/BSD/Unix box should be able to stand on its own securely... and it's not that hard.
keeping an eye on the security page is a very good idea too, but less important on development/production boxes with few uesrs, where you can take the attitude that account separation is not there to absoultely protect one account from another, but just to make you be conscious about what you're doing, by having to su over to another account for sensitive operations.
Re:One Geek's experience with BSD (Score:1)
keeping an eye on the security page is a very good idea too, but less important on development/production boxes with few uesrs, where you can take the attitude that account separation is not there to absoultely protect one account from another, but just to make you be conscious about what you're doing, by having to su over to another account for sensitive operations.