[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#81118: base: Wishlist: High security base system (or separate add-on package)



On Wed, Jan 03, 2001 at 07:50:58PM +0100, Christian Kurz wrote:
> 
> > apt-get remove telnetd
> 
> Well, why do we have telnet enabled after installation? This is a bit
> security hole and I think this service should be disabled and only be
> enabled by the admin.

because telnetd is priority standard, and with dselect (and tasksel in
woody i think) all priority standard packages are installed by
default. (well selected by default in your first dselect session, so
if you do nothing more then run the select step in dselect and then
install you get priority: standard).

$ apt-cache show telnetd
Package: telnetd
Priority: standard
Section: net

nfsd and nfs-common are also standard, but nfs-kernel-server's
initscript won't start the daemons if /etc/exports contains no
exports.  nfs-common and portmap are started by default though.  (and
statd had a nice root hole recently) 

> Hm, there are services in /etc/inetd.conf that are not belonging to any
> package like daytime, echo and this should be disabled by default.

agreed these should be off by default. what are these used for that
makes it necessary for the majority of systems to have them enabled?  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpScuvylHtfW.pgp
Description: PGP signature


Reply to: