Simply reinstall what ever ported apps you are using and look for a sample
startup script in /usr/local/etc/rc.d, or look in /etc/defaults/rc.conf for
the settings to override in /etc/rc.conf to run any standard system
services at boot.
You can search the old security lists or look in SANS archives on the
actual exploits about inetd.
-Derek
At 07:46 PM 5/12/2006, Eric Schuele wrote:
Daniel Bye wrote:
On Fri, May 12, 2006 at 01:07:22PM -0500, Eric Schuele wrote:
Although I am curious about ftpd and tcpwrappers.... I am also
interested in whether or not running these daemons under inetd is
preferred or not. If so why? If not, why?
Certainly for anything that has a reasonably expensive start up, such as
sshd, you will probably want to run it as a standalone daemon, because
it's easier on the system to start it up only once and then fork a new
child for each client connection.
On the other hand, using inetd will allow you to have only one
'superserver' running, which can spawn the appropriate daemon as
required. This means that you won't have idle daemons lying around, as
they are cleaned up once the session ends.
One obvious shortcoming, as you point out, is that the stock ftpd
doesn't seem to understand how to consult /etc/hosts.allow, so if you
have one configured already, then you might want to use inetd to control
ftpd. There may be alternative ftpd servers in the ports that do know
how to use tcpwrappers, but I've never used any others so don't know.
So, I suppose the real answer to your question is that you should use
inetd if you need to use one of the features that it provides, such as
tcpwrappers. I can't think of any reason to not use inetd, and I
haven't heard any reasonable arguments suggesting it's particularly bad
for your health. YMMV, etc.
Thanks for the response. I'm of a similar opinion. For this particular
application (my laptop and occasional use, plus its usually ipfw'd away
from the world) I think its fine... and unless I find another solution,
I'll probably run ftpd under inetd, and sshd standalone.
Dan
--
Regards,
Eric
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
