Date: Wed, 15 Aug 2001 11:51:28 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: Richard Stanaford <richard@nebula-bsd.dyndns.org> Cc: "Andrew R. Reiter" <arr@watson.org>, security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <Pine.NEB.3.96L.1010815114917.81338B-100000@fledge.watson.org> In-Reply-To: <Pine.BSF.4.21.0108151000080.83934-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 15 Aug 2001, Richard Stanaford wrote: > Perhaps we could also have the option to not run Inetd at all. Of > course you can just go right in to /etc/rc.conf and set > "inetd_enable=NO", but doing it at the end of the system build might > save a few who could forget. I recently changed sysinstall (should be in 4.4-RELEASE when that comes out) to first ask whether the user wants to run inetd, and then if they say yes, asks if they'd like to edit inetd.conf. Inetd.conf is now defaulted so that all services are disabled. This permits sysinstall to enable/disable inetd, and allows the user to enable services as they see fit during the install prior to reboot. This is not heavily tested, so I'd appreciate it if, when the prerelease snapshot comes out, people could give it a spin. I also modified the security menu a fair amount, eliminating two of the security profiles, as they were now redundant. I'm hoping to gradually phase out the security profiles, and simply have the user enable or dissable services specifically. Possibly adding a security evalaution feature that would look at the active settings and talk about the risks (this might be a cool project for someone wanting play with sysinstall). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010815114917.81338B-100000>