[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: disabling inetd

Vineet Kumar wrote:

> * Initech (initech@r00tserverz.net) [031212 13:42]:
> > On Fri, Dec 12, 2003 at 01:20:42PM -0600, Rick Weinbender wrote:
> > > I've heard that the inetd process is not very secure.
> That's not necessarily true.  What is "not very secure" is running any
> service you don't need.  If you don't have anything necessary being run
> from inetd, why run inetd?
> > > Is there a way to remove it or disable it permanently.
> > > Would this be a good thing to do?  Or will it just cause
> > > me problems down the road.
> >
> > inetd is not really insecure, it the junk people start from it that is
> > insecure (finger, telnet, god knows what else).  inetd is a very
> > useful memory saver for services you want to run on year machine, but
> > only want them run when needed.
> >
> > You can disable it if you like by running
> >
> > update-rc.d -f inetd remove
> >
> > (note: this is the way you modify init scripts in debian)
> note: this is _not_ the way you modify init scripts in debian.
> 'update-rc.d -f inetd remove' might be a fine thing for inetd's postrm
> script to run.  That's about it.  99% of the time, the above invocation
> is not what you want to do.
> Most often, I think, if you think you want to do "update-rc.d -f
> $package remove", you usually really mean 'dpkg --remove $package".
> Or sometimes you want rm /etc/rc2.d/S??$package.  Other times,
> it's to edit /etc/init.d/$package and insert an 'exit 0' near the top.
> One of these days I'll get around to canning this rant; I'm getting
> tired of writing about this and it's starting to show. =p  However, I do
> still think it an important myth to shoot down each time I see it,
> because the only way I can figure that anyone thinks that 'update-rc.d
> -f inetd remove' is a reasonable thing to do is because they saw someone
> else suggest it here without being corrected.  I guess it sounds kind of
> like update-menus or update-modules, so people think it's "The Debian
> Way" of managing sysvinit rc.d boot directories.
> Anyway, Rick, I'd suggest you remove the inetd package altogether.
> good times,
> Vineet
> --
> http://www.doorstop.net/
> --
> http://www.sprintpcs-sucks.org/
>   ------------------------------------------------------------------------
>                        Name: signature.asc
>    signature.asc       Type: application/pgp-signature
>                 Description: Digital signature


Thanks everyone for the good advice.

Reply to: