From owner-freebsd-security Thu Dec 24 13:05:16 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA19962 for freebsd-security-outgoing; Thu, 24 Dec 1998 13:05:16 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from intra.ispchannel.net (intra.ispchannel.net [208.166.60.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA19957 for ; Thu, 24 Dec 1998 13:05:10 -0800 (PST) (envelope-from nicole@ispchannel.com)
Received: from dogbert.mediacity.com (dogbert.mediacity.com [208.138.36.140]) by intra.ispchannel.net (Postfix) with ESMTP id 1D751F00A; Thu, 24 Dec 1998 13:04:54 -0800 (PST)
Message-ID:
X-Mailer: XFMail 1.2 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <86ww3hh6a7.fsf@samizdat.uucom.com>
Date: Thu, 24 Dec 1998 13:04:53 -0800 (PST)
Organization: The ISP Channel
From: Nicole Harrington
To: Chris Shenton
Subject: Re: Do I really need inetd?
Cc: freebsd-security@FreeBSD.ORG, Barrett Richardson
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 24-Dec-98 Chris Shenton wrote:
> Barrett Richardson writes:
>
>> I have all my necessary network services running as daemons. In the
>> face of recent discoveries of problems caused for inetd by nmap
>> and various things I've come to the conclusion that I really don't
>> need inetd -- another variable I can eliminate from the mix.
>>
>> Any undesirable side effects come to mind?
>
> When I set up a new box, I usually first install sshd. Then I find I
> can usually turn off inetd because I don't need any services there:
> telnet and ftp can be replaced with ssh/scp, other services (finger,
> chargen) are of little or no use and pose unnecessary risks. This is
> typically for production servers; your tolerance for risk on desktop
> or home boxes will dictate how fascist you want to be.
>
> Having said that, if I do want something different (e.g., amanda,
> rstatd), I'll run inetd but with only these lines in the inetd.conf
> file, and I'll tcp_wrap them.
>

 I agree. I have found that Inetd is very useful for rarely needed services.
It allows one to set parameters on usage that would otherwise be impossible
(like -c for DOS prevention and TCPwrappers).

 However, for very active services like smtp or pop3 on a busy system, I agree
that running them as a daemon can help performance a great deal. Even SSH as a
daemon saves a lot of time since it does not need to generate a key for every
logon. To help prevent DOS'ing and accidents, having a script to monitor it and
restart if it is killed can make up for INETD's benefits.

   Nicole

 |\ __ /|   (`\
 | o_o  |__  ) )
//      \\
Nicole Harrington | Systems Administrator
-------------------(((---(((-----------------------
nicole@mediacity.com - nicole@ispchannel.com
www.mediacity.com - www.ispchannel.com
Phone: 650-237-1454 - Pager: 415-301-2482

Powered By Coca-Cola and FreeBSD

Why do doctors call what they do practice?
Microsoft: What bug would you like today?
----------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
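
Added example, not part of the original thread: a shell check for the policy quoted above, that inetd.conf enables only the services you name and starts each of them through tcpd. The function names, the sample file and its paths (including /usr/local/libexec/tcpd) are constructed assumptions, and the check assumes wrapping is done by naming tcpd in the server-program field.

```shell
#!/bin/sh
# Added example: audit an inetd.conf against the policy quoted in the thread:
# only allowlisted services enabled, each started through tcpd.
# Reads inetd.conf on stdin; arguments are the allowed service names.
# Prints one finding per offending line; exit status 1 if there are any.
audit_inetd() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ || NF == 0 { next }            # disabled (commented out) or blank
    NF < 6 { printf "line %d: malformed entry\n", NR; bad = 1; next }
    {
        svc = $1; sub(/\/.*$/, "", svc)       # RPC entries look like rstatd/1-3
        prog = $6; sub(/^.*\//, "", prog)     # basename of server-program field
        if (!(svc in ok)) {
            printf "line %d: %s is enabled but not on the allowlist\n", NR, svc
            bad = 1
        } else if (prog != "tcpd") {
            printf "line %d: %s runs %s directly, not via tcpd\n", NR, svc, $6
            bad = 1
        }
    }
    END { exit bad }'
}

# Constructed sample file; paths are assumptions, not taken from the thread.
sample_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
#ftp     stream tcp     nowait root     /usr/libexec/ftpd        ftpd -l
telnet   stream tcp     nowait root     /usr/libexec/telnetd     telnetd
amanda   dgram  udp     wait   operator /usr/local/libexec/tcpd  /usr/local/libexec/amanda/amandad
rstatd/1-3 dgram rpc/udp wait  root     /usr/libexec/rpc.rstatd  rpc.rstatd
EOF
}

# Demo: allow only the two services named in the thread.
sample_conf | audit_inetd amanda rstatd || echo "inetd.conf does not match the policy"
```

On a real host, feed it the live file, for example `audit_inetd amanda rstatd < /etc/inetd.conf`, and run it from cron so a re-enabled service is noticed.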