Re: rlinetd security
sami@juvonen.org (Sami J. Juvonen) writes:
>
> What I would really like Debian to do when installing services is to *not*
> start them by default. Just install all the files, but make init scripts
> not run unless edited.
Is something like the IRIX or redhat (gasp) `chkconfig` system worth
considering?
For those that haven't seen it, IRIX uses a program called
``chkconfig'' to control things started from /etc/init.d scripts.
Essentially chkconfig is a fairly simple program that does one of
three things depending on how it's called:
1) `chkconfig` prints ``state'' (on or off) of every configuration
flag found in /var/config (the flags are just the string ``on''
or ``off'' stored in individual txt files in that directory).
2) `chkconfig [-f] <flag>` sets the flag to the desired state
(the -f option will create the flag if it doesn't exist)
3) `chkconfig <flag>` will check the status of the flag -- chkconfig
will exit with status 0 if it is on, 1 if it is off or
nonexistent.
How this works in practice:
Scripts in /etc/init.d all have a structure something like:
case "$1" in
'start')
if /etc/chkconfig myservice; then
...start myservice
So, in this example if if the /var/config/myservice file doesn't
contain ``on'' (or doesn't exist) the commands to start it won't be
run.
As a whole the system works fairly well (and is easier for newbie
admins than the Red Hat chkconfig implementation or symlink
creation/deletion). It's fairly simple to turn things on/off, and
there are few surprises during updates.
--
/* Dale Southard Jr. southard1@llnl.gov 925-422-1463 */
/* Computer Scientist, Accelerated Strategic Computing Initiative */
/* L-550, Lawrence Livermore National Lab, Livermore CA 94551 */
/* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */
Reply to: