Date: Thu, 24 Dec 1998 13:04:53 -0800 (PST)
From: Nicole Harrington <nicole@ispchannel.com>
To: Chris Shenton <cshenton@uucom.com>
Cc: freebsd-security@FreeBSD.ORG, Barrett Richardson <brich@aye.net>
Subject: Re: Do I really need inetd?
Message-ID: <XFMail.981224130453.nicole@ispchannel.com>
In-Reply-To: <86ww3hh6a7.fsf@samizdat.uucom.com>

On 24-Dec-98 Chris Shenton wrote:
> Barrett Richardson <brich@aye.net> writes:
>
>> I have all my necessary network services running as daemons. In the
>> face of recent discoveries of problems caused for inetd by nmap
>> and various things I've come to the conclusion that I really don't
>> need inetd -- another variable I can eliminate from the mix.
>>
>> Any undesirable side effects come to mind?
>
> When I set up a new box, I usually first install sshd. Then I find I
> can usually turn off inetd because I don't need any services there:
> telnet and ftp can be replaced with ssh/scp, other services (finger,
> chargen) are of little or no use and pose unnecessary risks. This is
> typically for production servers; your tolerance for risk on desktop
> or home boxes will dictate how fascist you want to be.
>
> Having said that, if I do want something different (e.g., amanda,
> rstatd), I'll run inetd but with only these lines in the inetd.conf
> file, and I'll tcp_wrap them.
>
I agree. I have found that Inetd is very useful for rarely needed services. It
allows one to set parameters on usage that would otherwise be impossible (like
-c for DOS prevention and TCPwrappers). However, for very active services
like smtp or pop3 on a busy system, I agree that running them as a daemon can
help performance a great deal. Even SSH as a daemon saves a lot of time since it
does not need to generate a key for every logon.
To help prevent DOS'ing and accidents, having a script to monitor it and
restart if it is killed can make up for INETD's benefits.
Nicole
|\ __ /| (`\
| o_o |__ ) )
// \\
Nicole Harrington | Systems Administrator
-------------------(((---(((-----------------------
nicole@mediacity.com - nicole@ispchannel.com
www.mediacity.com - www.ispchannel.com
Phone: 650-237-1454 - Pager: 415-301-2482
Powered By Coca-Cola and FreeBSD
Why do doctors call what they do practice?
Microsoft: What bug would you like today?
----------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.981224130453.nicole>
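
The policy quoted in the thread (run inetd with only the lines you need, and tcp_wrap them) can be checked mechanically against an inetd.conf. The following is an added example, not part of the original message; the allowlist, the sample file and its paths are constructed, and it assumes wrapping is done by naming tcpd as the server program.

```python
import os

ALLOWED = {"amanda", "rstatd"}   # hypothetical allowlist, taken from the quoted examples
WRAPPER = "tcpd"                 # assumed basename of the TCP Wrappers binary

# Constructed sample inetd.conf (fields: service, socket type, protocol,
# wait/nowait, user, server program, arguments).
SAMPLE = """\
# constructed sample, not from a real host
#ftp    stream tcp nowait root /usr/libexec/ftpd ftpd -l
telnet  stream tcp nowait root /usr/libexec/telnetd telnetd
finger  stream tcp nowait nobody /usr/local/libexec/tcpd fingerd -s
amanda  dgram  udp wait   operator /usr/local/libexec/tcpd amandad
rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
chargen stream tcp nowait root internal
"""

def parse(text):
    """Yield (lineno, service, server_program) for every active entry.

    Commented-out and blank lines are skipped; server_program is None
    when the line has fewer than the six mandatory fields.
    """
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        service = fields[0].split("/")[0]   # drop RPC version suffix, e.g. rstatd/1-3
        program = fields[5] if len(fields) >= 6 else None
        yield lineno, service, program

def audit(text, allowed=ALLOWED):
    """Return (lineno, service, problem) for entries that break the policy."""
    findings = []
    for lineno, service, program in parse(text):
        if program is None:
            findings.append((lineno, service, "malformed entry"))
            continue
        if service not in allowed:
            findings.append((lineno, service, "not on allowlist"))
        # "internal" services and directly executed daemons bypass tcpd.
        if os.path.basename(program) != WRAPPER:
            findings.append((lineno, service, "not tcp-wrapped"))
    return findings

if __name__ == "__main__":
    for lineno, service, problem in audit(SAMPLE):
        print(f"line {lineno}: {service}: {problem}")
```
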
