Re: disabling inetd

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: disabling inetd
From: Vineet Kumar <vineet@doorstop.net>
Date: Fri, 12 Dec 2003 18:44:52 -0800
Message-id: <[🔎] 20031213024452.GE452@doorstop.net>
Mail-followup-to: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20031212194148.GA27271@scatterbolt.r00tserverz.net>
References: <[🔎] 3FDA150A.F4CDE15E@central-ph.k12.mo.us> <[🔎] 20031212194148.GA27271@scatterbolt.r00tserverz.net>

* Initech (initech@r00tserverz.net) [031212 13:42]:
> On Fri, Dec 12, 2003 at 01:20:42PM -0600, Rick Weinbender wrote:
> > I've heard that the inetd process is not very secure.

That's not necessarily true.  What is "not very secure" is running any
service you don't need.  If you don't have anything necessary being run
from inetd, why run inetd?

> > Is there a way to remove it or disable it permanently.
> > Would this be a good thing to do?  Or will it just cause
> > me problems down the road.
> 
> inetd is not really insecure, it the junk people start from it that is
> insecure (finger, telnet, god knows what else).  inetd is a very
> useful memory saver for services you want to run on year machine, but
> only want them run when needed.
> 
> You can disable it if you like by running
> 
> update-rc.d -f inetd remove
> 
> (note: this is the way you modify init scripts in debian)

note: this is _not_ the way you modify init scripts in debian.

'update-rc.d -f inetd remove' might be a fine thing for inetd's postrm
script to run.  That's about it.  99% of the time, the above invocation
is not what you want to do.

Most often, I think, if you think you want to do "update-rc.d -f
$package remove", you usually really mean 'dpkg --remove $package".  
Or sometimes you want rm /etc/rc2.d/S??$package.  Other times,
it's to edit /etc/init.d/$package and insert an 'exit 0' near the top.

One of these days I'll get around to canning this rant; I'm getting
tired of writing about this and it's starting to show. =p  However, I do
still think it an important myth to shoot down each time I see it,
because the only way I can figure that anyone thinks that 'update-rc.d
-f inetd remove' is a reasonable thing to do is because they saw someone
else suggest it here without being corrected.  I guess it sounds kind of
like update-menus or update-modules, so people think it's "The Debian
Way" of managing sysvinit rc.d boot directories.

Anyway, Rick, I'd suggest you remove the inetd package altogether.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
http://www.sprintpcs-sucks.org/

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: disabling inetd
  - From: Kevin Mark <kmark+debian-user@pipeline.com>
- Re: disabling inetd
  - From: Rick Weinbender <rwein@central-ph.k12.mo.us>

References:
- disabling inetd
  - From: Rick Weinbender <rwein@central-ph.k12.mo.us>
- Re: disabling inetd
  - From: Initech <initech@r00tserverz.net>

Prev by Date: Re: Limiting Child Processes - SpamAssassin
Next by Date: Re: fun stuff - dvd - 802.11g
Previous by thread: Re: disabling inetd
Next by thread: Re: disabling inetd
Index(es):
- Date
- Thread