From owner-freebsd-security Fri Sep 22 7:57:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP id 6724737B43C
	for ; Fri, 22 Sep 2000 07:57:39 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 13cUGT-0007wt-00; Fri, 22 Sep 2000 16:57:25 +0200
Date: Fri, 22 Sep 2000 16:57:25 +0200
From: Neil Blakey-Milner
To: Cy Schubert - ITSD Open Systems Group
Cc: Brett Glass , Wes Peters , security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
Message-ID: <20000922165725.A30364@mithrandr.moria.org>
References: <20000922160123.A29787@mithrandr.moria.org> <200009221435.e8MEZCs11279@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200009221435.e8MEZCs11279@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Sep 22, 2000 at 07:34:31AM -0700
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri 2000-09-22 (07:34), Cy Schubert - ITSD Open Systems Group wrote:
> > If you could tell us how to plug them in somewhere, it might be nice.
> > Do we have 'awk' on the install disk so it can be used there?
> > something.)
>
> Search the -security and -arch archives for the subject "Option 3".

I have read it. It is in my "reasons why inetd's current configuration
format sucks" mailbox encouraging me to propose an additional way to
configure inetd using a directory + file structure.

> Plugging in the awk scripts somewhere, could be in /etc or /usr/sbin,
> and an option in sysinstall. (Editing inetd.conf after an install is a
> pain).

I asked how, not "where do you place scripts on a filesystem?", or "what
is the name of the installer?".

I don't think we want to make even more sysinstall hacks, as it is
exceedingly complicated and time-consuming (especially according to
Mr. Glass - hours of painstaking choices).

I think inetd_enable="YES"/"NO" is mostly sufficient. Anything beyond
that is the realm of the administrator.

Perhaps we can put your scripts in /usr/share/examples/inetd/, along
with example configurations, like inetd.conf.rsh, inetd.conf.ftp,
inetd.conf.full. Then have a mostly-empty /etc/inetd.conf that isn't
self-documenting, with ftp and commented out telnet and (internal) auth.
What else do people run out of inetd? (I don't know - I don't have any
systems that run inetd, except one with only internal auth so I can IRC
from it)

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org