Re: inetd in netbase package
Hi,
Of course the most secure thing is to know what I do, but when you have a
number of machines to manage it can be hard to make notes of every change
from time to time.
What happens if I remove /etc/rc2.d/S20inetd, will APT/dpkg recreate the
link when I do an upgrade? When removing that link or renaming inetd
itself, I start to change things in the system that I have to keep track of.
If inetd was a separate package I only need to keep track of what I have
installed, and I keep track of that by running the command 'dpkg -l'. I try to
write documentation for all servers in the office but sometimes it is easy
to forget a quick patch/fix. My feeling is that you should keep the number
of fixes at a minimum.
I didn't say that inetd has any bugs. Often when you start inetd you get a
number of services that can have bugs or make your system insecure. Of course I
can remove or rewrite /etc/inetd.conf.
IMHO it would be good to have inetd as its own package. When you
install/activate inetd you should be aware of the risks. When inetd is
installed as a part of the basic/initial installation you may forget to
rewrite /etc/inetd.conf.
_\\|//_
(-0-0-)
/-------------------------------ooO-(_)-Ooo------------------------------\
| Magnus Sandberg Email: Magnus.Sandberg@bluelabs.se |
| Network Engineer, BlueLabs AB http://www.bluelabs.se/ |
| Phone: +46-8-470 2155 (FAX: +46-8-470 2199) GSM: +46-708-225 805 |
\------------------------------------------------------------------------/
|| ||
ooO Ooo
----- On 11th of October 2000 Julian Stoev wrote: -----
On Wed, Oct 11, 2000 at 02:10:58PM +0200, Magnus Sandberg wrote:
|Hi,
|
|Maybe my question should be sent to another list, let me know then.
|
|I know that this is a very active mailing list so I'm not part of it, please
|send a CC to me too, if you reply to this mail.
|
|My question is why inetd is part of netbase. I would like to have a system
|that doesn't run inetd but I would like to be able to use the other commands
|that are part of netbase, like telnet (out from the machine), traceroute
|etc.
Inetd is starting from /etc/rc2.d/S20inetd, which is a link to
/etc/init.d/inetd
You can delete the link /etc/rc2.d/S20inetd and inetd will not start.
You have to make sure, that you start all daemons you need in startup
scripts.
|The securest way to not run inetd is to not have inetd installed. But if
|I don't want to mess up the system by removing the actual inetd binary
|I have a system where inetd is installed.
The securest thing to do is to know what you are doing. ;) We are all
trying to get there....
|I thought that Debian was more security aware than i.e. RedHat, but that's
|not true. Even RedHat has split up netbase into several packages. RedHat has
|a package called net-tools that together with the init-scripts are used to
|configure the network. Then you have separate packages for all services
|and "applications" like inetd, telnet and traceroute, etc. I think Debian
|can do the same because package dependencies should sort out the rest for
|the users/admins.
Can you give a single reference to a recent bug in inetd? It is rock
stable and secure. Actually it is *improving* your security. That's why
Debian is using it. But if you don't want it, you can remove it from
the startup as I described above.
--JS
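
The thread turns on two pieces of state an admin has to track by hand: the /etc/rc2.d/S20inetd start link and the active entries in /etc/inetd.conf. The script below is an added example, not part of either message, that reports both so the check can be rerun after an upgrade. The function names, the constructed sample config and the choice to scan rc2.d through rc5.d are assumptions.

```shell
#!/bin/sh
# Added example: report what inetd would expose on a host.

# Print "service/proto" for every active entry in an inetd.conf file.
# Entry layout: service socktype proto wait/nowait user server [args]
# Lines whose first field starts with '#' are comments; this also covers
# entries commented out with a "#<off>#" prefix.
enabled_inetd_services() {
    conf="${1:-/etc/inetd.conf}"
    [ -r "$conf" ] || return 0
    awk '$1 !~ /^#/ && NF >= 6 { print $1 "/" $3 }' "$conf"
}

# Print every S??inetd start link found under <root>/rc2.d .. rc5.d.
# Dangling symlinks are reported too (-L), since the link itself is
# the state that has to be tracked.
inetd_start_links() {
    root="${1:-/etc}"
    for l in "$root"/rc[2-5].d/S[0-9][0-9]inetd; do
        if [ -e "$l" ] || [ -L "$l" ]; then
            printf '%s\n' "$l"
        fi
    done
}

# Constructed sample config for trying the parser offline.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real host
#<off># telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp     stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
#time   stream tcp nowait root internal
daytime dgram  udp wait   root internal
EOF
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    echo "start links:";     inetd_start_links
    echo "active services:"; enabled_inetd_services
fi
```

Empty output from both functions means no inetd start link was found and no service is enabled in the config file that was read.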