Date: Thu, 05 Feb 1998 11:02:24 -0800
From: Jamie Lawrence <jal@42is.com>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: minimalist /etc/services and /etc/inetd.conf Re: Security
Message-ID: <3.0.3.32.19980205110224.009f3820@colonel.42inc.com>
In-Reply-To: <Pine.BSF.3.96.980204215806.16875G-100000@gdi.uoregon.edu>
References: <3.0.3.32.19980204134734.009944f0@colonel.42inc.com>

I didn't mean to spark a huge debate on this - I won't publicly post on the topic after this. Feel free to harangue me privately, should you feel really strongly about my habit of editing /etc/services.

At 09:58 PM 2/4/98 -0800, you wrote:
>> "Don't play with /etc/services" seems like pretty general advice
>> not applicable in all (or perhaps even most) situations.
>
>OK, then why edit services? It's a text database, nothing more.

For the same reason I remove large chunks of /bin/*, /sbin/*, the man pages for what is gone, /etc/sendmail.cf, the kernel sources after a recompile, etc. etc. etc. What isn't there can't be used against the system.

True, there might not be any direct gains in security from removing man pages and editing services, and I admit this particular case is perhaps just an aesthetic issue.

If a system is only firewalling or only serving web pages, I want it to be only capable of that function (modulo any administratively necessary functions, of course), and want everything not associated with that function gone.

"All that is not permitted is forbidden", while admittedly bad social policy, is great security.

(I'm less harsh to machines that more people access.)

-j