On Thu, 11 Jun 1998, Amos Shapira wrote: > The rsh/rlogin/ident/rexec services are active by default in the > inetd.conf file. Even though I keep removing them (I delete their > lines altogether since that way it's much easier to notice a change) > they seem to keep popping up after updating any software related to > this file.
If you comment them out with a single "#", they won't be re-enabled by updated packages. > I'd like to suggest that these services will be "off" by default and > the user should be given a chance to stop the system before it > reactivates them. Many people do administration remotely. They would probably be very disapointed to have their login services yanked out from under them. They're easy enough to disable and only truely a security hole if you have .rhosts or hosts.equivs files laying around. Even then, tcpwrappers makes them significantly harder to spoof than on a traditional UNIX environment. > I'm not on the list (finals period) so please CC to me any response to > this message. CC sent. -- Scott K. Ellis <[EMAIL PROTECTED]> http://www.gate.net/~storm/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
