Date: Mon, 26 Jun 2000 05:35:25 -0400
From: Will Andrews
To: arch@FreeBSD.org
Subject: Disabling inetd?
Message-ID: <20000626053525.U85886@argon.gryphonsoft.com>
X-Operating-System: FreeBSD 5.0-CURRENT i386

Hi all,

I was just a few minutes ago talking with some of my colleagues about disabling inetd completely in a default install. What are people's opinions about doing this?

IMHO there is nothing in inetd that is absolutely essential when someone installs FreeBSD on a virgin system. Let's take a few things as examples. Telnet is an insecure protocol and has been replaced for the most part by SSH. Then there's FTP. How many people are going to run FTP servers on their machines by default? Now talk daemon, auth server (for ident, typically used with IRC), and finger. Not everyone really needs these.

Our inetd.conf should reflect what would be NEEDED by a typical installation by default.

Some might say "why fix something that ain't broke?". Well, I think that it's fairly well-known that holes can be exploited through inetd. Proactive security is better than leaving possible holes open by default, IMO. Administrators who know what they're doing can open up each hole as they need to.

Could someone give me a reason why anything invoked by our current inetd.conf is needed across all installed systems by default? If not, then inetd itself should be disabled by default.

-- 
Will Andrews
GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w---
?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+
G++>+++ e->++++ h! r-->+++ y?
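
The question the message poses, which inetd.conf entries are actually switched on, can be answered mechanically. The script below is an added example, not part of the original post or of FreeBSD: the function names and the sample file are constructed for illustration, and it assumes the usual inetd.conf field order (service, socket type, protocol, wait/nowait, user, server program).

```shell
#!/bin/sh
# Constructed sample in inetd.conf field order; not a real system's file.
sample_conf() {
cat <<'EOF'
# service  type    proto  wait         user     server program
ftp        stream  tcp    nowait       root     /usr/libexec/ftpd     ftpd -l
telnet     stream  tcp    nowait       root     /usr/libexec/telnetd  telnetd
#shell     stream  tcp    nowait       root     /usr/libexec/rshd     rshd
finger     stream  tcp    nowait/3/10  nobody   /usr/libexec/fingerd  fingerd -s
ntalk      dgram   udp    wait         tty:tty  /usr/libexec/ntalkd   ntalkd
auth       stream  tcp    nowait       root     internal              auth -r -f
EOF
}

# Print one line per enabled entry: service/proto <TAB> user <TAB> program.
# Argument: path to the config file, or "-" for stdin (default /etc/inetd.conf).
inetd_enabled() {
    conf="${1:-/etc/inetd.conf}"
    awk '
        /^[ \t]*(#|$)/ { next }    # commented-out or blank: not started by inetd
        NF >= 6 { printf "%s/%s\t%s\t%s\n", $1, $3, $5, $6 }
    ' "$conf" | sort -u
}

# Of the enabled entries, list those whose user field is root
# (plain "root", or root followed by a group or login class).
inetd_root_services() {
    inetd_enabled "$1" | awk -F '\t' '$2 ~ /^root([:\/]|$)/ { print $1 }'
}

# Demo on the constructed sample; pass a real path to audit a system instead.
sample_conf | inetd_root_services -
```

Running `inetd_enabled` with no argument on a host reports what its /etc/inetd.conf would start; an empty result means nothing in the file is enabled.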