From owner-cvs-all  Sat Aug  4  9: 6:49 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id D729637B401; Sat,  4 Aug 2001 09:06:44 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: (from rwatson@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f74G6iF48433;
	Sat, 4 Aug 2001 09:06:44 -0700 (PDT)
	(envelope-from rwatson)
Message-Id: <200108041606.f74G6iF48433@freefall.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sat, 4 Aug 2001 09:06:44 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/etc inetd.conf
X-FreeBSD-CVS-Branch: RELENG_4
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

rwatson     2001/08/04 09:06:44 PDT

  Modified files:        (Branch: RELENG_4)
    etc                  inetd.conf 
  Log:
  MFC of inetd.conf 1.49:
  
    Default to disabling all inetd.conf entries, in particular, telnetd
    and ftpd.  This more conservative default reduces the exposure of
    freshly installed machines, which is especially valuable for machines
    that receive minimal further configuration before being put into
    production.  Generally speaking, SSH has superseded the use of both
    telnet and ftp in many environments.  In light of recent remotely
    exploitable security holes in both telnetd and ftpd, this choice
    retains flexibility (both telnetd and ftpd daemons remain installed
    and easily enableable) while protecting users who don't need the
    additional risk.  This change brings our configuration into line with
    the majority of other UNIX vendors, including OpenBSD and NetBSD.
  
    To address the concerns of those requiring remote access via telnet
    from first install, changes will shortly be committed to sysinstall
    to provide the ability to edit inetd.conf during the installation
    process, allowing telnetd and ftp to be re-enabled during the
    installation process.
  
    While I'm at it, slightly improve commenting for inetd.conf so that
    it's more clear to users how to enable and disable services.
    Further commenting to indicate the functions of various columns would
    probably also be useful.
  
  Reviewed by:    imp, chris, jake, nate, -arch, -stable
  Approved:	jkh
  
  Revision  Changes    Path
  1.44.2.5  +13 -10    src/etc/inetd.conf


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message