From owner-freebsd-questions  Wed Feb  4 10:46:18 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA10619
          for questions-outgoing; Wed, 4 Feb 1998 10:46:18 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from garfield.cs.mun.ca (jr@garfield.cs.mun.ca [134.153.1.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA10533
          for <freebsd-questions@FreeBSD.ORG>; Wed, 4 Feb 1998 10:45:50 -0800 (PST)
          (envelope-from jr@cs.mun.ca)
Received: (from jr@localhost)
	by garfield.cs.mun.ca (8.8.5/8.8.5) id PAA32251;
	Wed, 4 Feb 1998 15:14:59 -0330 (NST)
Date: Wed, 4 Feb 1998 15:14:58 -0330 (NST)
From: John Rochester <jr@cs.mun.ca>
To: chas <panda@peace.com.my>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: minimalist /etc/services and /etc/inetd.conf Re: Security
In-Reply-To: <3.0.32.19980204135923.0093ebb0@peace.com.my>
Message-ID: <Pine.OSF.3.91.980204150734.29687B-100000@garfield.cs.mun.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe questions"

On Wed, 4 Feb 1998, chas wrote:

> Following the advice of a security book to disable all un-required
> services, I was quite amazed at the default /etc/services for 
> FBSD (using 2.1.7). Literally hundreds of weird and wonderful services.
> 
> But for a standard webserver, and mailserver for multiple domains, (with 
> telnet/ftp access for myself) is there anything else that should be removed ? 
> (or worse, anything that shouldn't have been culled) 

/etc/services is only a database that converts between the name of a
particular service and the corresponding port number.  There is absolutely
no need to remove anything from this file, since it doesn't determine
whether you are running that service.

> 
> Would disabling discard,chargen,daytime,time have any adverse effects on
> other services ?
> 

No.  They are disabled by default in 2.2.5, if I remember correctly. You
could also look at /etc/sysconfig (I think - it's /etc/rc.conf in 2.2.X)
to see if you have any daemons enabled there that you don't need (like lpd
or sendmail). 

john
-----
John Rochester			jr@cs.mun.ca
Dept. of Computer Science
Memorial University of Newfoundland, St. John's, Newfoundland, Canada