disabled in xinetd doesn't work?

To: debian-security@lists.debian.org
Subject: disabled in xinetd doesn't work?
From: bxf4@psu.edu (Brian P. Flaherty)
Date: 18 Aug 2001 11:37:33 -0400
Message-id: <[🔎] 87zo8xxttu.fsf@c119756-b.aidan>

Hello,

I have spent a fair amount of time trying to limit access to my
desktop.  One thing I have done is switched over to xinetd and I have
moved most services into xinetd.conf.

Aug 18 11:03:48 c119756-b xinetd[27786]: xinetd Version 2.1.8.8p3 started with 
Aug 18 11:03:48 c119756-b xinetd[27786]: libwrap 
Aug 18 11:03:48 c119756-b xinetd[27786]: options compiled in.
Aug 18 11:03:48 c119756-b xinetd[27786]: Started working: 16 available
services

One of the things I have tried is to use the disabled= keyword in the
default section, but it doesn't seem to work.  Above is part of
daemon.log when I start xinetd and here is the defaults section
of xinetd.conf:

# This file generated by xconv.pl, included with the xinetd
# package.  xconv.pl was written by Rob Braun (bbraun@synack.net)

[...]

# The defaults section sets some information for all services
defaults
{
	#The maximum number of requests a particular service may handle
	# at once.
	instances   = 10

	# The type of logging.  This logs to a file that is specified.
	# Another option is: SYSLOG syslog_facility [syslog_level]
	log_type    = FILE /var/log/servicelog

	# What to log when the connection succeeds.
	# PID logs the pid of the server processing the request.
	# HOST logs the remote host's ip address.
	# USERID logs the remote user (using RFC 1413)
	# EXIT logs the exit status of the server.
	# DURATION logs the duration of the session.
	log_on_success = PID

	# What to log when the connection fails.  Same options as above
	log_on_failure = HOST RECORD

# Deny everything
# Commented out because I don't know how it works with oidentd
	only_from =

	# The maximum number of connections a specific IP address can
	# have to a specific service.  
	per_source  = 5

# Internally disabled
	disabled = time daytime chargen discard servers services xadmin

}
[It goes on from here...]

Any idea why this is not working?  As with other questions I have had
concerning my use of Debian, I am trying to do this, while maintaining
compatability with the package system.  

Thanks for any suggestions.

Brian Flaherty

-- 
      /"\
      \ /     ASCII RIBBON CAMPAIGN
       X        AGAINST HTML MAIL  
      / \

Reply to:

Prev by Date: Re: sshd attack?
Next by Date: Re: inetd questions
Previous by thread: Re: VPN and Firewall
Next by thread: Re: inetd questions
Index(es):
- Date
- Thread