Hi,

I finally had some time and a new hard drive to get around to trying out a virgin sarge installation.

To my dismay, I found that netkit-inetd is still going on as part of base. As a security professional, I think this is a Bad Thing(tm).

For all the woody boxes I deploy in my infrastructure at work, I've built a dummy package with equivs to allow me to remove this package. There's no other way to get it off without losing half the system, as netbase depends on it. Just disabling it isn't good enough as far as I'm concerned, I don't want the binary on the filesystem, and rm'ing it defeats the purpose of using a packaging system.

To cap it off, the discard service seems to be enabled out of the box. So is daytime. Daytime's not too bad, but discard? I personally believe we should be shipping sarge such that it installs offering the smallest number of network services by default, and the user should explicitly enable the ones they want. I can't see any reason for the discard service on an Internet facing box in this day and age.

My personal preference would be for xinetd to be the default inet daemon installed, as if you use Red Hat's model of having an /etc/xinet.d/ (or whatever it is) it becomes trivial to be able to manage (de)activation of individual services offered by xinetd.

I've got a bit of spare time up my sleeves at the moment, and would like to help make netkit-inetd not part of a base install. What would it take?

regards

Andrew
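The following shell script is an added example, not part of Andrew's message or of any Debian package. It lists the entries an inetd.conf file leaves enabled and flags those served by inetd itself, such as the discard and daytime services the message mentions. The function names and the sample file are constructed for illustration, and the script assumes the usual inetd.conf field order.

```shell
#!/bin/sh
# Added example: report which services an inetd.conf leaves enabled.
# Assumed field order: service socket_type protocol wait/nowait user server [args]

# Print "service/protocol server" for every active (uncommented) entry.
enabled_inetd_services() {
    awk '
        /^[ \t]*#/ { next }   # commented out, including "#<off>#" lines
        NF < 6     { next }   # blank or malformed line
        { print $1 "/" $3, $6 }
    ' "$1"
}

# Print only the entries handled by inetd itself (server field "internal").
enabled_internal_services() {
    enabled_inetd_services "$1" | awk '$2 == "internal" { print $1 }'
}

# Constructed sample input, not copied from a real system.
write_sample_conf() {
    cat > "$1" <<'EOF'
# /etc/inetd.conf (constructed sample)
#echo     stream tcp nowait root   internal
discard   stream tcp nowait root   internal
discard   dgram  udp wait   root   internal
daytime   stream tcp nowait root   internal
#<off># time stream tcp nowait root internal
ident     stream tcp wait   identd /usr/sbin/identd identd
EOF
}

# Return 0 if no built-in service is enabled, 1 if any is, 2 if unreadable.
audit_inetd_conf() {
    conf=${1:-/etc/inetd.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    echo "Enabled services in $conf:"
    enabled_inetd_services "$conf" | sed 's/^/  /'
    internal=$(enabled_internal_services "$conf")
    [ -z "$internal" ] && return 0
    echo "Built-in (internal) services still enabled:"
    echo "$internal" | sed 's/^/  /'
    return 1
}

# Run the audit when a file is named on the command line.
if [ $# -gt 0 ]; then audit_inetd_conf "$1"; fi
```

Run it as `sh script.sh /etc/inetd.conf`; a non-zero exit status means at least one built-in service is still enabled or the file could not be read.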