Re: disabling inetd
Vineet Kumar wrote:
> * Initech (firstname.lastname@example.org) [031212 13:42]:
> > On Fri, Dec 12, 2003 at 01:20:42PM -0600, Rick Weinbender wrote:
> > > I've heard that the inetd process is not very secure.
> That's not necessarily true. What is "not very secure" is running any
> service you don't need. If you don't have anything necessary being run
> from inetd, why run inetd?
> > > Is there a way to remove it or disable it permanently.
> > > Would this be a good thing to do? Or will it just cause
> > > me problems down the road.
> > inetd is not really insecure, it the junk people start from it that is
> > insecure (finger, telnet, god knows what else). inetd is a very
> > useful memory saver for services you want to run on year machine, but
> > only want them run when needed.
> > You can disable it if you like by running
> > update-rc.d -f inetd remove
> > (note: this is the way you modify init scripts in debian)
> note: this is _not_ the way you modify init scripts in debian.
> 'update-rc.d -f inetd remove' might be a fine thing for inetd's postrm
> script to run. That's about it. 99% of the time, the above invocation
> is not what you want to do.
> Most often, I think, if you think you want to do "update-rc.d -f
> $package remove", you usually really mean 'dpkg --remove $package".
> Or sometimes you want rm /etc/rc2.d/S??$package. Other times,
> it's to edit /etc/init.d/$package and insert an 'exit 0' near the top.
> One of these days I'll get around to canning this rant; I'm getting
> tired of writing about this and it's starting to show. =p However, I do
> still think it an important myth to shoot down each time I see it,
> because the only way I can figure that anyone thinks that 'update-rc.d
> -f inetd remove' is a reasonable thing to do is because they saw someone
> else suggest it here without being corrected. I guess it sounds kind of
> like update-menus or update-modules, so people think it's "The Debian
> Way" of managing sysvinit rc.d boot directories.
> Anyway, Rick, I'd suggest you remove the inetd package altogether.
> good times,
> Name: signature.asc
> signature.asc Type: application/pgp-signature
> Description: Digital signature
Thanks everyone for the good advice.