Date: Mon, 26 Jun 2000 05:35:25 -0400
From: Will Andrews <andrews@technologist.com>
To: arch@FreeBSD.org
Subject: Disabling inetd?
Message-ID: <20000626053525.U85886@argon.gryphonsoft.com>

Hi all,

I was just a few minutes ago talking with some of my colleagues about disabling inetd completely in a default install. What are people's opinions about doing this?

IMHO there is nothing in inetd that is absolutely essential when someone installs FreeBSD on a virgin system. Let's take a few things as examples. Telnet is an insecure protocol and has been replaced for the most part by SSH. Then there's FTP. How many people are going to run FTP servers on their machines by default? Now talk daemon, auth server (for ident, typically used with IRC), and finger. Not everyone really needs these. Our inetd.conf should reflect what would be NEEDED by a typical installation by default.

Some might say "why fix something that ain't broke?". Well, I think that it's fairly well-known that holes can be exploited through inetd. Proactive security is better than leaving possible holes open by default, IMO. Administrators who know what they're doing can open up each hole as they need to.

Could someone give me a reason why anything invoked by our current inetd.conf is needed across all installed systems by default? If not, then inetd itself should be disabled by default.

--
Will Andrews <andrewsw@purdue.edu> <will@FreeBSD.org>
GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w--- ?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+ G++>+++ e->++++ h! r-->+++ y?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message