Is inetd needed on a web server + PostgreSQL?

Alexander Farber Tue, 07 Nov 2006 03:50:48 -0800

Hello,

I have a small web server (OpenBSD 4.0 stable) running phpBB with PostgreSQL.
Then there is sshd @ port 443 and default sendmail @ localhost.25.


Do you think I still need to run inetd? I've looked through the
/etc/inetd.conf and
there are only 2 time services + ident. I think I don't need those 3 services
either (my PostgeSQL listens only to the /var/www/tmp/.s.PGSQL.5432 file).

So do you think I could switch inetd down or do I miss something?

And also, do I need these getty processes if I only use ssh and serial console?

root     22089  0.0  0.1   212   556 C0  Is+   Fri10AM    0:00.01
/usr/libexec/getty Pc ttyC0
root     15055  0.0  0.1   296   548 C1  Is+   Fri10AM    0:00.00
/usr/libexec/getty Pc ttyC1
root     11962  0.0  0.1   248   548 C2  Is+   Fri10AM    0:00.00
/usr/libexec/getty Pc ttyC2
root     31899  0.0  0.1   368   532 C3  Is+   Fri10AM    0:00.00
/usr/libexec/getty Pc ttyC3
root      4805  0.0  0.1   224   552 C5  Is+   Fri10AM    0:00.01
/usr/libexec/getty Pc ttyC5

Could you please tell me, where to switch them off? (I've searched in
man -k tty)

Thank you
Alex

PS: Here is my pf.conf and the list of processes (which I'd like to
reduce a bit):

$ sudo cat /etc/pf.conf

ext_if = "fxp0"
priv_nets = "{ 127/8 192.168/16 172.16/12 10/8 }"
allow_ports = "{ www https }"

set loginterface $ext_if

scrub in

block in log
pass out keep state
set skip on lo

antispoof quick for $ext_if

block quick on $ext_if from $priv_nets
block quick log on $ext_if to $priv_nets

# don't allow PHP-worms to propagate
block out quick log on $ext_if proto { tcp, udp } all user www

pass in on $ext_if proto tcp from any to $ext_if port $allow_ports keep state


$ ps uax
USER       PID %CPU %MEM   VSZ   RSS TT   STAT STARTED       TIME COMMAND
root         1  0.0  0.1   468   332 ??  Ss    Fri10AM    0:00.02 /sbin/init
root     29156  0.0  0.1   372   524 ??  Is    Fri10AM    0:00.01
syslogd: [priv] (syslogd)
_syslogd 10485  0.0  0.1   400   528 ??  S     Fri10AM    0:00.73
syslogd -a /var/empty/dev/log
root     16401  0.0  0.1   392   392 ??  Is    Fri10AM    0:00.02
pflogd: [priv] (pflogd)
_pflogd   5650  0.0  0.1   460   336 ??  S     Fri10AM    0:12.33
pflogd: [running] -s 116 -f /var/log/pflog (pflogd)
root     31027  0.0  0.1   284   628 ??  Is    Fri10AM    0:00.02 inetd
root      3513  0.0  0.1   520   688 ??  Ss    Fri10AM    0:00.76 cron
_postgresql 29103  0.0  0.7  2280  3564 ??  S     Fri10AM    0:30.20
postmaster: writer process    (postgres)
_postgresql 23152  0.0  0.3  3296  1704 ??  S     Fri10AM    0:01.05
postmaster: stats buffer process    (postgres)
_postgresql 16977  0.0  0.2  2344  1084 ??  I     Fri10AM    0:01.37
postmaster: stats collector process    (postgres)
root     30114  0.0  0.3  1192  1764 ??  Ss    Fri10AM    0:11.32
sendmail: accepting connections (sendmail)
_postgresql 10976  0.0  0.7  2984  3732 ??  I      8:41AM    0:00.02
postmaster: phpbb phpbb [local] idle (postgres)
root     15676  0.0  0.2   492  1180 ??  Is    10:10AM    0:00.16 /usr/sbin/sshd
root     29248  0.0  0.4  3184  2184 ??  Is    10:17AM    0:00.09
sshd: afarber [priv] (sshd)
afarber  32251  0.0  0.3  3188  1464 ??  S     10:17AM    0:00.76
sshd: [EMAIL PROTECTED] (sshd)
www      19705  0.0  1.2  2736  6080 ??  Ss    11:52AM    0:00.21
httpd: parent [chroot /var/www] (httpd)
www      14868  0.0  1.0  3036  5004 ??  I     11:52AM    0:00.81
httpd: child (httpd)
www      23367  0.0  0.9  3008  4936 ??  I     11:52AM    0:00.73
httpd: child (httpd)
www       2800  0.0  1.0  3068  5068 ??  I     11:52AM    0:00.71
httpd: child (httpd)
www      14936  0.0  1.0  3064  5020 ??  I     11:52AM    0:00.83
httpd: child (httpd)
www      32295  0.0  0.9  3020  4912 ??  I     11:52AM    0:00.71
httpd: child (httpd)
www      13521  0.0  0.9  3012  4956 ??  I     11:53AM    0:00.41
httpd: child (httpd)
www      10874  0.0  0.9  3032  4932 ??  I     11:55AM    0:00.59
httpd: child (httpd)
afarber   4852  0.0  0.1   460   512 p0  Is+   10:17AM    0:00.07 -ksh (ksh)
afarber  31856  0.0  0.1   460   480 p1  Is     8:40AM    0:00.01 /bin/ksh
afarber  17658  0.0  0.0   364   228 p3  R+    12:30PM    0:00.00 ps -uax
_postgresql 22404  0.0  0.6  2288  2916 00- I     Fri10AM    0:02.49
/usr/local/bin/postmaster -D /var/postgresql/data -D
/var/postgresql/data
root      3374  0.0  0.1   264   548 00  Is+   Fri10AM    0:00.01
/usr/libexec/getty std.57600 tty00
root     22089  0.0  0.1   212   556 C0  Is+   Fri10AM    0:00.01
/usr/libexec/getty Pc ttyC0
root     15055  0.0  0.1   296   548 C1  Is+   Fri10AM    0:00.00
/usr/libexec/getty Pc ttyC1
root     11962  0.0  0.1   248   548 C2  Is+   Fri10AM    0:00.00
/usr/libexec/getty Pc ttyC2
root     31899  0.0  0.1   368   532 C3  Is+   Fri10AM    0:00.00
/usr/libexec/getty Pc ttyC3
root      4805  0.0  0.1   224   552 C5  Is+   Fri10AM    0:00.01
/usr/libexec/getty Pc ttyC5

$ netstat -a | grep LISTEN | grep -vw tcp6
tcp        0      0  *.www                  *.*                    LISTEN
tcp        0      0  *.https                *.*
LISTEN         (that's my ssh port)
tcp        0      0  localhost.submissi     *.*                    LISTEN
tcp        0      0  localhost.smtp         *.*                    LISTEN
tcp        0      0  *.time                 *.*                    LISTEN
tcp        0      0  *.daytime              *.*                    LISTEN
tcp        0      0  *.auth                 *.*                    LISTEN


--
http://preferans.de

Is inetd needed on a web server + PostgreSQL?

Reply via email to