From owner-freebsd-security Mon Oct 2 18: 1:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id AD6CB37B503 for ; Mon, 2 Oct 2000 18:01:12 -0700 (PDT) Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id SAA34221 for ; Mon, 2 Oct 2000 18:01:07 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Message-ID: <39D93044.8B0C4E69@ursine.com> Date: Mon, 02 Oct 2000 18:03:00 -0700 From: Michael Bryan X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf References: <200010030008.RAA18074@freefall.freebsd.org> <20001002172133.B27736@fw.wintelcom.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Alfred Perlstein wrote: > > And yes I also just had a mad scramble because I could have sworn that > finger was off by default, luckily it seems that I'd either killed > inetd or commented it out on all my hosts already. A command that I -always- execute on any freshly installed system, and from time to time when checking up on things: netstat -an If any port has a listener on it, as an admin you'd better know what that listener is and why it's needed, and make any setup changes as warranted. It really helps a lot when setting up a box to make sure I've really disabled all the services I intended to. (Usually everything off except ssh and maybe SMTP and/or DNS, depending on the purpose of the box.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message