Re: Task harden.
This might be a little off, but why not have a Debian package called
nullinetd, that just provides netkit-inetd, but is essentially empty?
I've been doing that myself on my own machines, but something like
that might be helpful if you're trying to avoid inetd...
Also, why not ship inetd.conf with everything commented out... I think
you should have to deliberately open a service rather than have a
virgin box with everything open.
On Mon, Apr 02, 2001 at 11:48:42AM -0400, xsdg wrote:
> On Sun, Apr 01, 2001 at 10:06:52PM -0700, John H. Robinson, IV wrote:
> > On Sun, Apr 01, 2001 at 10:26:08PM +0200, Ola Lundqvist wrote:
> > > And now some questions (that can be discussed).
> > > * I intend to conflict with inetd. Do you think that is ok?
> > yes! there are good inetd's to replace it with (tcpserver, and xinetd
> > both come to mind)
> I recently talked to the maintainer of netbase (netkit-inetd), and he said
> that he wasn't going to remove netbase's dependency on netkit-inetd, which
> would make this an extremely bad idea ATM...
> > -john
> >  my theory is: if a large number of security violations have been
> > found, chances are, more are still lurking. a complete re-write does
> > get to wipe the slate clean, but i still don't trust BIND and no one
> > is ever going to convince me otherwise. same with sendmail
> >  i have not too much familiarity with xinetd to actually recommend it,
> > but i would rather use that than inetd
> I use(d?) xinetd, and I feel that it's heads and shoulders above inetd.
> It allows you to bind to specific interfaces, and its config file is much
> cleaner than that of inetd. Finally, it can convert an inetd.conf to an
> >  yes, some of the things i listed are non-free. i can't help that :(
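The default-closed inetd.conf suggested at the top of this message, sketched as an added example that is not part of the original thread: one function lists the services a given inetd.conf currently exposes, the other emits a copy with every entry commented out so that each service has to be opened deliberately. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed,
# not taken from any Debian package.

# List enabled (uncommented) entries as: service protocol user server_path
inetd_enabled() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF >= 6 { print $1, $3, $5, $6 }   # fields per inetd.conf(5) layout
    ' "$1"
}

# Emit a default-closed copy: every enabled entry gets a leading "#";
# existing comments and blank lines pass through unchanged.
inetd_close_all() {
    awk '
        /^[ \t]*(#|$)/ { print; next }
        { print "#" $0 }
    ' "$1"
}

# Constructed sample resembling a stock inetd.conf with services open.
sample_conf() {
    cat <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
echo     stream tcp nowait root   internal
#discard stream tcp nowait root   internal
telnet   stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp      stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.ftpd

finger   stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd
EOF
}

# Usage: script.sh /etc/inetd.conf  -> report what is open, then print
# the default-closed version to stdout for review (nothing is modified).
if [ -n "${1:-}" ]; then
    echo "Enabled services in $1:" >&2
    inetd_enabled "$1" >&2
    inetd_close_all "$1"
fi
```

The script only reads the file it is given; the closed copy goes to stdout so it can be diffed against the original before anything is replaced.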