From owner-freebsd-questions@FreeBSD.ORG Sat May 13 01:18:51 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D802016A462 for ; Sat, 13 May 2006 01:18:51 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from betty.computinginnovations.com (dsl081-142-072.chi1.dsl.speakeasy.net [64.81.142.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D4F443D45 for ; Sat, 13 May 2006 01:18:48 +0000 (GMT) (envelope-from derek@computinginnovations.com) Received: from p17.computinginnovations.com (dhcp-10-20-30-100.computinginnovations.com [10.20.30.100]) (authenticated bits=0) by betty.computinginnovations.com (8.13.6/8.12.11) with ESMTP id k4D1ILtC044375; Fri, 12 May 2006 20:18:22 -0500 (CDT) Message-Id: <6.0.0.22.2.20060512201510.026ddce0@mail.computinginnovations.com> X-Sender: derek@mail.computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 12 May 2006 20:18:16 -0500 To: Eric Schuele , FreeBSD Questions From: Derek Ragona In-Reply-To: <44652C7D.4040604@computer.org> References: <4464B95D.1040702@computer.org> <20060512171515.GC34035@catflap.slightlystrange.org> <4464CEDA.80906@computer.org> <20060512202934.GE34035@catflap.slightlystrange.org> <44652C7D.4040604@computer.org> Mime-Version: 1.0 X-ComputingInnovations-MailScanner-Information: Please contact the ISP for more information X-ComputingInnovations-MailScanner: Found to be clean X-ComputingInnovations-MailScanner-From: derek@computinginnovations.com X-Spam-Status: No Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: Pros and Cons of running under inetd.... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 01:18:51 -0000 Simply reinstall what ever ported apps you are using and look for a sample startup script in /usr/local/etc/rc.d, or look in /etc/defaults/rc.conf for the settings to override in /etc/rc.conf to run any standard system services at boot. You can search the old security lists or look in SANS archives on the actual exploits about inetd. -Derek At 07:46 PM 5/12/2006, Eric Schuele wrote: >Daniel Bye wrote: >>On Fri, May 12, 2006 at 01:07:22PM -0500, Eric Schuele wrote: >>>Although I am curious about ftpd and tcpwrappers.... I am also >>>interested in whether or not running these daemons under inetd is >>>preferred or not. If so why? If not, why? >>Certainly for anything that has a reasonably expensive start up, such as >>sshd, you will probably want to run it as a standalone daemon, because >>it's easier on the system to start it up only once and then fork a new >>child for each client connection. >>On the other hand, using inetd will allow you to have only one >>'superserver' running, which can spawn the appropriate daemon as >>required. This means that you won't have idle daemons lying around, as >>they are cleaned up once the session ends. >>One obvious shortcoming, as you point out, is that the stock ftpd >>doesn't seem to understand how to consult /etc/hosts.allow, so if you >>have one configured already, then you might want to use inetd to control >>ftpd. There may be alternative ftpd servers in the ports that do know >>how to use tcpwrappers, but I've never used any others so don't know. >>So, I suppose the real answer to your question is that you should use >>inetd if you need to use one of the features that it provides, such as >>tcpwrappers. I can't think of any reason to not use inetd, and I >>haven't heard any reasonable arguments suggesting it's particularly bad >>for your health. YMMV, etc. > >Thanks for the response. I'm of a similar opinion. For this particular >application (my laptop and occasional use, plus its usually ipfw'd away >from the world) I think its fine... and unless I find another solution, >I'll probably run ftpd under inetd, and sshd standalone. > >>Dan > > >-- >Regards, >Eric >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >MailScanner thanks transtec Computers for their support. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support.