Date: Fri, 22 Sep 2000 16:57:25 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Brett Glass <brett@lariat.org>, Wes Peters <wes@softweyr.com>, security@FreeBSD.ORG Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?) Message-ID: <20000922165725.A30364@mithrandr.moria.org> In-Reply-To: <200009221435.e8MEZCs11279@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Sep 22, 2000 at 07:34:31AM -0700 References: <20000922160123.A29787@mithrandr.moria.org> <200009221435.e8MEZCs11279@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri 2000-09-22 (07:34), Cy Schubert - ITSD Open Systems Group wrote: > > If you could tell us how to plug them in somewhere, it might be nice. > > Do we have 'awk' on the install disk so it can be used there? > > something.) > > Search the -security and -arch archives for the subject "Option 3". I have read it. It is in my "reasons why inetd's current configuration format sucks" mailbox encouraging me to propose an additional way to configure inetd using a directory + file structure. > Plugging in the awk scripts somewhere, could be in /etc or /usr/sbin, > and an option in sysinstall. (Editing inetd.conf after an install is a > pain). I asked how, not "where do you place scripts on a filesystem?", or "what is the name of the installer?". I don't think we want to make even more sysinstall hacks, as it is exceedingly complicated and time-consuming (especially according to Mr. Glass - hours of painstaking choices). I think inetd_enable="YES"/"NO" is mostly sufficient. Anything beyond that is the realm of the administrator. Perhaps we can put your scripts in /usr/share/examples/inetd/, along with example configurations, like inetd.conf.rsh, inetd.conf.ftp, inetd.conf.full. Then have a mostly-empty /etc/inetd.conf that isn't self-documenting, with ftp and commented out telnet and (internal) auth. What else do people run out of inetd? (I don't know - I don't have any systems that run inetd, except one with only internal auth so I can IRC from it) Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000922165725.A30364>