
Re: Start up scripts



Henry Hollenberg writes:
> Ok, a few questions, in  /etc/init.d/boot:
> 
> what in the world is this construct?  ": > /etc/mtab"

Create an empty /etc/mtab.

> %%%% REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> #
> # Load the appropriate modules. This needs to be done here in case fs modules
> # are needed for accessing or mounting local file systems.
> #
> if [ -x /etc/init.d/modutils ]
> then
>   /etc/init.d/modutils start
> elif [ -x /etc/init.d/modules ]
> then
>   /etc/init.d/modules start
> fi
> %%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Wait a moment. We cannot remove module loading. We will need them for ip
masquerading stuff.

> in /etc/init.d/boot:
> %%%% REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> #
> # Now that TCP/IP is configured, mount the NFS file systems in /etc/fstab.
> #
> echo "Mounting remote file systems ..."
> mount -a -t nfs
> %%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Why? If you have no nfs filesystem in /etc/fstab this does no harm. If an
intruder can change /etc/fstab, though, he/she can change the boot script,
too.

> %%%% REMOVE: %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> /etc/init.d/modules---->modutils	No modules, custom kernel.

No, that doesn't work as some modules cannot be built into the kernel.

> /etc/init.d/kerneld			Ditto.
> /etc/init.d/gpm				Don't need a mouse on  firewall.
> /etc/init.d/lpd                         Don't need a printer on firewall.
> /etc/init.d/ppp   			If ppp-needed=False.
> /etc/init.d/netstd_nfs			No NFS.
> /etc/init.d/netstd_misc			Don't need rwho or boot server.
> %%%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Agreed on the rest. Although neither netstd script hurts with the correct
configuration. I'd like to keep files of other packages untouched as much as
possible since it makes upgrading so much easier.

> Can't /usr/sbin/initd run stand-alone?
> 
> I figure we need keep /usr/sbin/initd to invoke smtp services for
> connection requests to port 25.

I take it you're talking about inetd. But it's not needed for email at all.
Just start your MTA as a daemon, and inetd doesn't know about it at all.
However, this prevents you from using tcp-wrapper on port 25.

Michael

-- 
Dr. Michael Meskes, Project-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10
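
The reply's points that `mount -a -t nfs` does no harm without NFS entries in /etc/fstab, and that other packages' files are best left untouched, can be checked with a read-only audit. This is an added example, not part of the original message; the runlevel directory /etc/rc2.d, the S<NN><name> start-link check and the function names are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit, nothing is modified.

# Print "device mountpoint" for each fstab entry that `mount -a -t nfs`
# would try to mount: type exactly "nfs", not commented out, not noauto.
nfs_entries() {
    [ -r "$1" ] || return 0
    awk '
        NF < 3 || $1 ~ /^#/ { next }
        $3 != "nfs"         { next }
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "noauto") next
            print $1, $2
        }' "$1"
}

# Print each service from the thread's removal list that still has a
# start link (S<NN><name>) in the given runlevel directory.
started_services() {
    rcdir=$1
    for name in gpm lpd ppp netstd_nfs netstd_misc; do
        for link in "$rcdir"/S[0-9][0-9]"$name"; do
            if [ -e "$link" ] || [ -L "$link" ]; then echo "$name"; fi
        done
    done
    return 0
}

audit() {
    echo "NFS entries 'mount -a -t nfs' would act on in $1:"
    nfs_entries "$1" | sed 's/^/  /'
    echo "Listed services still started from $2:"
    started_services "$2" | sed 's/^/  /'
}

# Defaults are assumptions: stock fstab and the runlevel 2 directory.
audit "${1:-/etc/fstab}" "${2:-/etc/rc2.d}"
```

An empty first section confirms the NFS mount step in the boot script is a no-op on that host; an empty second section means the listed services are already disabled without any edit under /etc/init.d.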

