From owner-freebsd-security  Wed Aug 15  8:51:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id A0BBA37B409
	for <security@FreeBSD.ORG>; Wed, 15 Aug 2001 08:51:37 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.4/8.11.4) with SMTP id f7FFpTf81523;
	Wed, 15 Aug 2001 11:51:29 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 15 Aug 2001 11:51:28 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: Richard Stanaford <richard@nebula-bsd.dyndns.org>
Cc: "Andrew R. Reiter" <arr@watson.org>, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf 
In-Reply-To: <Pine.BSF.4.21.0108151000080.83934-100000@localhost>
Message-ID: <Pine.NEB.3.96L.1010815114917.81338B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Wed, 15 Aug 2001, Richard Stanaford wrote:

> Perhaps we could also have the option to not run Inetd at all.  Of
> course you can just go right in to /etc/rc.conf and set
> "inetd_enable=NO", but doing it at the end of the system build might
> save a few who could forget. 

I recently changed sysinstall (should be in 4.4-RELEASE when that comes
out) to first ask whether the user wants to run inetd, and then if they
say yes, asks if they'd like to edit inetd.conf.  Inetd.conf is now
defaulted so that all services are disabled.  This permits sysinstall to
enable/disable inetd, and allows the user to enable services as they see
fit during the install prior to reboot.  This is not heavily tested, so
I'd appreciate it if, when the prerelease snapshot comes out, people could
give it a spin.  I also modified the security menu a fair amount,
eliminating two of the security profiles, as they were now redundant.  I'm
hoping to gradually phase out the security profiles, and simply have the
user enable or dissable services specifically.  Possibly adding a security
evalaution feature that would look at the active settings and talk about
the risks (this might be a cool project for someone wanting play with
sysinstall).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message