
netkit-inetd in sarge



Hi,

I finally had some time and a new hard drive to get around to trying out a
virgin sarge installation. To my dismay, I found that netkit-inetd is 
still going on as part of base.

As a security professional, I think this is a Bad Thing(tm). For all the
woody boxes I deploy in my infrastructure at work, I've built a dummy
package with equivs to allow me to remove this package. There's no other
way to get it off without losing half the system, as netbase depends on 
it.

Just disabling it isn't good enough as far as I'm concerned; I don't want
the binary on the filesystem, and rm'ing it defeats the purpose of using a
packaging system.

To cap it off, the discard service seems to be enabled out of the box. So
is daytime. Daytime's not too bad, but discard? I personally believe we
should be shipping sarge such that it installs offering the smallest
number of network services by default, and the user should explicitly
enable the ones they want. I can't see any reason for the discard service
on an Internet-facing box in this day and age.

My personal preference would be for xinetd to be the default inet daemon
installed, as if you use Red Hat's model of having an /etc/xinet.d/ (or
whatever it is) it becomes trivial to be able to manage 
(de)activation of individual services offered by xinetd.

I've got a bit of spare time up my sleeves at the moment, and would like 
to help make netkit-inetd not part of a base install. What would it take?

regards

Andrew
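
A check for the situation described in the message above, as an added example that is not part of the original post: it lists the services an inetd.conf actually enables, so a fresh install can be audited for entries such as discard and daytime. The function names and the sample file are constructed for illustration; the `#<off>#` prefix is the marker Debian's update-inetd puts on disabled entries.

```shell
#!/bin/sh
# inetd.conf fields:
#   service  socket-type  protocol  wait-flag  user  server-program  [args]
# Any line starting with '#' is inactive, including "#<off>#" entries.

# Constructed sample resembling the defaults described in the message.
sample_inetd_conf() {
cat <<'EOF'
#:INTERNAL: Internal services
#echo       stream  tcp  nowait  root  internal
discard     stream  tcp  nowait  root  internal
discard     dgram   udp  wait    root  internal
daytime     stream  tcp  nowait  root  internal
#<off># time stream tcp  nowait  root  internal
EOF
}

# Read an inetd.conf on stdin and print "service/protocol handler"
# for every entry that inetd would actually listen for.
enabled_services() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # comment, disabled entry, or blank
        NF < 6 { printf "malformed line %d\n", NR > "/dev/stderr"; next }
        { printf "%s/%s %s\n", $1, $3, $6 }
    '
}

# Return 0 when nothing is enabled, otherwise print the entries and return 1,
# so the check can gate an image build or a post-install test.
audit_inetd() {
    found=$(enabled_services)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Stand-alone run against the constructed sample.
sample_inetd_conf | enabled_services
```

On a real system, feed it the live file: `audit_inetd < /etc/inetd.conf`.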
