From owner-freebsd-security Tue Nov 27 10:47:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97]) by hub.freebsd.org (Postfix) with ESMTP id A4B6037B417 for ; Tue, 27 Nov 2001 10:47:43 -0800 (PST) Received: from ruby.ccmr.cornell.edu (IDENT:0@ruby.ccmr.cornell.edu [128.84.231.115]) by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id NAA16594; Tue, 27 Nov 2001 13:48:53 -0500 Received: from localhost (mitch@localhost) by ruby.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id NAA31481; Tue, 27 Nov 2001 13:47:42 -0500 X-Authentication-Warning: ruby.ccmr.cornell.edu: mitch owned process doing -bs Date: Tue, 27 Nov 2001 13:47:42 -0500 (EST) From: Mitch Collinsworth To: Adam Laurie Cc: Tom Beer , security@FreeBSD.ORG Subject: Re: Amanda - inetd In-Reply-To: <3C03D8EF.58AF9BF9@algroup.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 27 Nov 2001, Adam Laurie wrote: > Tom Beer wrote: > > > > I'm planning to install amanda (remote backup > > solution) on a freebsd box as a client. Unfourtunately > > amanda needs inetd, which I don't want to start > > for security reasons. Even not tcpwarrped. > > Is there a way to bring my ppp dialup connection > > down, start inetd, start amanda, ending inetd after > > the backup and starting my ppp connection > > again? Or is there a better solution? > > use xinetd and bind amanda's service only to loopback. oh, and make sure > your loopback is protected against remote routing. ipfw in "open" mode > will do this if you're not already running a firewall anyway. He said amanda client. This means an amanda server will come calling to initiate the client's backups. This means the amanda port on the client needs to be accessible to the amanda server. Your solution is not 'better', it's 'nonsense'. -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message