From owner-freebsd-security Thu Dec 24 08:09:10 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA16836 for freebsd-security-outgoing; Thu, 24 Dec 1998 08:09:10 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from samizdat.uucom.com (samizdat.uucom.com [198.202.217.54]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA16831 for ; Thu, 24 Dec 1998 08:09:07 -0800 (PST) (envelope-from cshenton@uucom.com) Received: (from cshenton@localhost) by samizdat.uucom.com (8.9.1/8.9.0) id LAA02495; Thu, 24 Dec 1998 11:08:16 -0500 To: Barrett Richardson Cc: freebsd-security@FreeBSD.ORG Subject: Re: Do I really need inetd? References: From: Chris Shenton Date: 24 Dec 1998 11:08:16 -0500 In-Reply-To: Barrett Richardson's message of Thu, 24 Dec 1998 00:13:09 -0500 (EST) Message-ID: <86ww3hh6a7.fsf@samizdat.uucom.com> Lines: 19 X-Mailer: Gnus v5.5/Emacs 20.2 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Barrett Richardson writes: > I have all my necessary network services running as daemons. In the > face of recent discoveries of problems caused for inetd by nmap > and various things I've come to the conclusion that I really don't > need inetd -- another variable I can eliminated from the mix. > > Any undesirable side effects come to mind? When I set up a new box, I usually first install sshd. Then I find I can usually turn off inetd because I don't need any services there: telnet and ftp can be replaced with ssh/scp, other services (finger, chargen) are of little or no use and pose unnecessary risks. This is typically for production servers; your tolerance for risk on desktop or home boxes will dictate how fascist you want to be. Having said that, if I do want something different (e.g., amanda, rstatd), I'll run inetd but with only these lines in the inetd.conf file, and I'll tcp_wrap them. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message