
Re: rlinetd security



"Noah L. Meyerhans" <frodo@morgul.net> writes:

[snip]
> Personally, I don't care if something is turned on by default or not. If
> I need it, and it's on by default, I'll leave it on. If it's not on, I'll
> turn it on. If I don't need it I'll turn it off.

That's if you remember to check for these things and have the ability to
track down what starts such ports as are on.

You should see the number of posts we get on c.o.l.s. asking `how do I find
out what's listening on this port?' and suchlike questions.

Now ask how Ramen, 1i0n, adore and friends all spread and what would be a
*really* good way to reduce such things' chances of spreading later.

> I do think it's worth discussing whether the policy should be "on by
> default" or "off by default". Not just for the simple services, but for
> all services that get installed. Which option leaves more work to be done
> by the admin? 

The amount of work to be done is neither here nor there. Any competent
admin will have a pattern and preferably a set of scripts to tweak things
the way they want. Compared to the security risk, I think it pales into
insignificance.

> In the current "on by default" state, you install a new system and go
> through /etc/rc?.d/ and /etc/inetd.conf and turn off things that you
> don't need, or uninstall them completely. Is that less time consuming for
> the admin than requiring them to go over the same directories and files
> and explicitly enable the services they want?

I think it might well be harder work.

Datapoint: my colo server box has a very few listeners, and uses xinetd to
control what interfaces they're bound to. Whenever I dist-upgraded before I
took portmapper out altogether, I had to check what was listening where,
and there was a lot of stuff that needed disabled.
Compared to changing a few `disable=yes' into `no' lines in xinetd.conf,
the process of tracking down & disabling several things all over the place
was an unnecessary PITA.

And let's not forget that plenty enough people don't know all 3 obvious
commands for finding a process responsible for a given listener, or don't
have `head /etc/services` in short-term memory, or why 53/tcp is a Bad
Thing, etc...

> I am not sure, but I expect it might not be. And I know it would be safer
> to leave services off by default. There are a lot of incompetent admins
> out there, and while "off by default" might generate a bit more traffic
> on -user, it is likely to save some of them some major grief.

Yes. I've seen the question `should one aim for secure by default?' before
and never made up my mind; there is a `false complacency' argument to be
wary of, of course, but I'm now pretty much decided that one should aim for
as secure as possible if only to stop things spreading through people's
incompetence. 

~Tim
-- 
   16:02:53 up 4 days, 20:06, 11 users,  load average: 0.02, 0.09, 0.04
piglet@stirfried.vegetable.org.uk |And your radiance shines
http://piglet.is.dreaming.org     |Like the moon of all innocent grace
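
An added example, not part of the original message: a small audit of an xinetd configuration that reports which services would actually be started and which interface each is bound to, the check the datapoint above describes doing by hand. The sample configuration is constructed and the function name `audit` is hypothetical; only the `disable`, `disabled`, `bind` and `interface` attributes are interpreted.

```python
import re

# Constructed sample in xinetd.conf syntax (not taken from the message above).
SAMPLE = """\
defaults
{
    disabled = time
}
service ftp
{
    disable = no
    bind    = 192.0.2.10
}
service echo
{
    disable = yes
}
service time
{
    socket_type = stream
}
service finger
{
    socket_type = stream
}
"""

STANZA = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*[-+]?=[ \t]*(.*?)[ \t]*$", re.M)

def audit(text):
    """Return {service: bind address or 'ALL'} for every service xinetd would start."""
    text = re.sub(r"#.*", "", text)  # strip comments before parsing
    disabled_globally, exposed = set(), {}
    for head, name, body in STANZA.findall(text):
        attrs = dict(ATTR.findall(body))
        if head == "defaults":
            disabled_globally |= set(attrs.get("disabled", "").split())
            continue
        # A stanza with no "disable" line is enabled: absence is not safety.
        if attrs.get("disable", "no").lower() == "yes" or name in disabled_globally:
            continue
        exposed[name] = attrs.get("bind") or attrs.get("interface") or "ALL"
    return exposed
```

On the sample, `finger` is reported as listening on all interfaces because its stanza never mentions `disable`, which is the case an "off by default" policy is meant to prevent.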


