ubuntu server 7.04's paltry default packages


There are some basic packages that the basic distro of Ubuntu Server (as of 'Feisty' 7.04) does not include. I was just documenting the sequence of apt-get commands I used right after the install was done:

apt-get update
apt-get upgrade
apt-get install ssh
apt-get install lynx
apt-get install links
apt-get install vim
apt-get install gcc
apt-get install make
apt-get install sun-java6-bin
apt-get install sun-java6-jdk
apt-get install subversion
apt-get install smbclient
apt-get install smbfs

The update and upgrade commands are to update apt-get's lists and then upgrade packages that were just installed from CD, respectively.

Some of these are perhaps a bit less common -- smbfs maybe. But vim? gcc? make? Really? Not to mention ssh. The SSH client comes pre-installed, but you have to install the server.

I imagine there's some weird reason that has to do with copyrights or encryption, or the copyrights of encryption, but it's still a pain. Especially if you forget about doing it...

Categories: technology
Posted by diego on May 20 2007 at 5:30 PM
Comments

I'd say it has more to do with providing as basic a setup as possible, so that people who, say, just wanted a LAMP server wouldn't be burdened with development packages, which could be used by attackers to compile their nasty little tools. If I ever need the dev packages, I install them and remove them after I'm done.

SSH, well... that's one less port for exploitation. Think OpenBSD gets its "Only two remote holes in the default install, in more than 10 years!" claim by turning on lots of services? And again, not everyone needs it :)

Posted by: John Kelly at May 21, 2007 12:25 AM

Thanks for the comment John! I see your point, but on a LAMP server, the last thing I'd worry about in terms of security would be SSH (yes, the P in LAMP would worry me 10 times more. Then the A. Then the M -- but not with iptables. *Then* SSH. :-))). And besides, you have to connect *somehow* to the server and telnet is really not an option (in my mind at least)... similarly, if someone has indeed cracked into the machine, the complexity of them obtaining gcc and running it should be minimal.

Posted by: Diego at May 21, 2007 7:33 PM

Copyright © Diego Doval 2002-2007.