Re: Start up scripts
Henry Hollenberg writes:
> Ok, a few questions, in /etc/init.d/boot:
>
> what in the world is this construct? ": > /etc/mtab"
Create an empty /etc/mtab.
> %%%% REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> #
> # Load the appropriate modules. This needs to be done here in case fs modules
> # are needed for accessing or mounting local file systems.
> #
> if [ -x /etc/init.d/modutils ]
> then
>     /etc/init.d/modutils start
> elif [ -x /etc/init.d/modules ]
> then
>     /etc/init.d/modules start
> fi
> %%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Wait a moment. We cannot remove module loading. We will need them for ip
masquerading stuff.
> in /etc/init.d/boot:
> %%%% REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> #
> # Now that TCP/IP is configured, mount the NFS file systems in /etc/fstab.
> #
> echo "Mounting remote file systems ..."
> mount -a -t nfs
> %%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Why? If you have no nfs filesystem in /etc/fstab this does no harm. If an
intruder can change /etc/fstab though he/she can change the boot script,
too.
> %%%% REMOVE: %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> /etc/init.d/modules---->modutils No modules, custom kernel.
No, that doesn't work as some modules cannot be built into the kernel.
> /etc/init.d/kerneld Ditto.
> /etc/init.d/gpm Don't need a mouse on firewall.
> /etc/init.d/lpd Don't need a printer on firewall.
> /etc/init.d/ppp If ppp-needed=False.
> /etc/init.d/netstd_nfs No NFS.
> /etc/init.d/netstd_misc Don't need rwho or boot server.
> %%%%% END REMOVE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Agreed on the rest. Although neither netstd script hurts with the correct
configuration. I'd like to keep files of other packages untouched as much as
possible since it makes upgrading so much easier.
> Can't /usr/sbin/initd run stand-alone?
>
> I figure we need keep /usr/sbin/initd to invoke smtp services for
> connection requests to port 25.
I take it you're talking about inetd. But it's not needed for email at all.
Just start your MTA as a daemon, and inetd doesn't know about it at all.
However, this prevents you from using tcp-wrapper on port 25.
Michael
--
Dr. Michael Meskes, Project-Manager | topsystem Systemhaus GmbH
meskes@topsystem.de | Europark A2, Adenauerstr. 20
meskes@debian.org | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10