From owner-freebsd-questions  Wed Feb  4 14:44:20 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA29764
          for questions-outgoing; Wed, 4 Feb 1998 14:44:20 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from sinfonix.rz.tu-clausthal.de (B/OMABhzBaKj/n9SHf5PmP2LsQ9OrVVD@sinfonix.rz.tu-clausthal.de [139.174.253.19])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA29656
          for <freebsd-questions@FreeBSD.ORG>; Wed, 4 Feb 1998 14:44:01 -0800 (PST)
          (envelope-from inrk@rz.tu-clausthal.de)
Received: (from inrk@localhost) 
	by sinfonix.rz.tu-clausthal.de (8.8.8/8.8.8)
	id XAA00434;
	Wed, 4 Feb 1998 23:43:53 +0100 (MET)
Date: Wed, 4 Feb 1998 23:43:53 +0100 (MET)
From: Ronald Kuehn <kuehn@rz.tu-clausthal.de>
Message-Id: <199802042243.XAA00434@sinfonix.rz.tu-clausthal.de>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: minimalist /etc/services and /etc/inetd.conf Re: Security
X-Newsreader: NN version 6.5.0 CURRENT #117
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe questions"

In list.freebsd-questions you write:

> At 12:40 PM 2/4/98 -0800, Doug wrote:

> >We went berzerk in 2.2.x and disabled all of this already, and more (lpd
> >for instance).  
> >
> >Don't play with /etc/services, netstat uses it to make your life easier.

> What does netstat do with it? Read it for port <-> name mappings?
> That I can live without.

> Attacking /etc/services, installing tcpd and then (of course)
> going over inetd.conf are pretty much the first things I do on
> any installation. Of any Unix.

> "Don't play with /etc/services" seems like pretty general advice
> not applicable in all (or perhaps even most) situations.

Again, "don't play with /etc/services". It's for mappings between
port numbers and service names only. It has nothing do to with services
you currently run. That's the job of inetd (/etc/inetd.conf) and
/etc/rc.* (for running standalone services).
Removing lines from /etc/services buys you nothing but trouble.

Bye,
  Ronald
-- 
Ronald Kuehn, TUC Rechenzentrum,  Erzstrasse 51,  D-38678 Clausthal-Zellerfeld
<kuehn@rz.tu-clausthal.de> http://www.tu-clausthal.de/~inrk/  +49-5323-72-3896
PGP key available via <pgp-public-keys@keys.pgp.net> or from my  WWW home page
******************************* HIP never ends *******************************