Re: inetd in netbase package

2000-10-23 Thread Matus "fantomas" Uhlar
- My question is why inetd is part of netbase. I would like to have a system
- that doesn't run inetd but I would like to be able to use the other commands
- that are part of netbase, like telnet (out from the machine), traceroute
- etc.

Well, personally I want to have inetd services but I want xinetd to provide
them. Maybe inetd should be split into package inetd and xinetd would
provide the same functionality.

The same probably about syslogd versus syslog-ng; I don't need syslogd
installed. The problem is syslogd is in the same package as klogd and I need
klogd. Maybe sysklogd should be split into two packages and syslog-ng
would provide syslogd...

-- 
 Matus fantomas Uhlar, sysadmin at NEXTRA, Slovakia; IRCNET admin of *.sk
 [EMAIL PROTECTED] ; http://www.fantomas.sk/ ; http://www.nextra.sk/
 Linux IS user friendly, it's just selective who its friends are...




inetd in netbase package

2000-10-11 Thread Magnus Sandberg
Hi,

Maybe my question should be sent to another list, let me know then.

I know that this is a very active maillist so I'm not part of it, please
send a CC to me too, if you reply to this mail.

My question is why inetd is part of netbase. I would like to have a system
that doesn't run inetd but I would like to be able to use the other commands
that are part of netbase, like telnet (out from the machine), traceroute
etc.

The securest way to not run inetd is to not have inetd installed. But if
I don't want to mess up the system by removing the actual inetd binary
I have a system where inetd is installed.

I thought that Debian was more security aware than i.e. RedHat, but that's
not true. Even RedHat has split up netbase into several packages. RedHat has
a package called net-tools that together with the init-scripts are used to
configure the network. Then you have separate packages for all services
and applications like inetd, telnet and traceroute, etc. I think Debian
can do the same because package dependencies should sort out the rest for
the users/admins.

-- 
  _\\|//_
  (-0-0-)
/---ooO-(_)-Ooo--\
| Magnus Sandberg  Email: [EMAIL PROTECTED]  |
| Network Engineer, BlueLabs AB  http://www.bluelabs.se/ |
| Phone: +46-8-470 2155 (FAX: +46-8-470 2199) GSM: +46-708-225 805 |
\/
  ||   ||
 ooO   Ooo



Re: inetd in netbase package

2000-10-11 Thread Julian Stoev
On Wed, Oct 11, 2000 at 02:10:58PM +0200, Magnus Sandberg wrote:
|Hi,
|
|Maybe my question should be sent to another list, let me know then.
|
|I know that this is a very active maillist so I'm not part of it, please
|send a CC to me too, if you reply to this mail.
|
|My question is why inetd is part of netbase. I would like to have a system
|that doesn't run inetd but I would like to be able to use the other commands
|that are part of netbase, like telnet (out from the machine), traceroute
|etc.

Inetd is starting from /etc/rc2.d/S20inetd, which is a link to
/etc/init.d/inetd

You can delete the link /etc/rc2.d/S20inetd and inetd will not start.
You have to make sure, that you start all daemons you need in startup scripts.

|The securest way to not run inetd is to not have inetd installed. But if
|I don't want to mess up the system by removing the actual inetd binary
|I have a system where inetd is installed.

The securest thing to do is to know what you are doing. ;) We are all
trying to get there

|I thought that Debian was more security aware than i.e. RedHat, but that's
|not true. Even RedHat has split up netbase into several packages. RedHat has
|a package called net-tools that together with the init-scripts are used to
|configure the network. Then you have separate packages for all services
|and applications like inetd, telnet and traceroute, etc. I think Debian
|can do the same because package dependencies should sort out the rest for
|the users/admins.

Can you give a single reference to a recent bug in inetd? It is rock
stable and secure. Actually it is *improving* your security. That's why
Debian is using it. But if you don't want it, you can remove it from
the startup as I described above.


--JS



Re: inetd in netbase package

2000-10-11 Thread Magnus Sandberg
Hi,

Of course the most secure thing is to know what I do, but when you have a
number of machines to manage it can be hard to make notes of every change 
from time to time.

What happens if I remove /etc/rc2.d/S20inetd, will APT/dpkg recreate the
link when I do an upgrade? When removing that link or renaming inetd
itself, I start to change things in the system that I have to keep track of.
If inetd was a separate package I only need to keep track of what I have
installed, and I keep track of that by running the command 'dpkg -l'. I try to
write documentation for all servers in the office but sometimes it is easy 
to forget a quick patch/fix. My feeling is that you should keep the number 
of fixes at a minimum.

I didn't say that inetd has any bugs. Often when you start inetd you get a
number of services that can have bugs or unsecure your system. Of course I
can remove or rewrite /etc/inetd.conf.

IMHO it would be good to have inetd as its own package. When you 
install/activate inetd you should be aware of the risks. When inetd is 
installed as a part of the basic/initial installation you may forget to
rewrite /etc/inetd.conf.



  _\\|//_
  (-0-0-)
/---ooO-(_)-Ooo--\
| Magnus Sandberg  Email: [EMAIL PROTECTED]  |
| Network Engineer, BlueLabs AB  http://www.bluelabs.se/ |
| Phone: +46-8-470 2155 (FAX: +46-8-470 2199) GSM: +46-708-225 805 |
\/
  ||   ||
 ooO   Ooo

 - On 11th of October 2000 Julian Stoev wrote; -

On Wed, Oct 11, 2000 at 02:10:58PM +0200, Magnus Sandberg wrote:
|Hi,
|
|Maybe my question should be sent to another list, let me know then.
|
|I know that this is a very active maillist so I'm not part of it, please
|send a CC to me too, if you reply to this mail.
|
|My question is why inetd is part of netbase. I would like to have a system
|that doesn't run inetd but I would like to be able to use the other commands
|that are part of netbase, like telnet (out from the machine), traceroute
|etc.

Inetd is starting from /etc/rc2.d/S20inetd, which is a link to
/etc/init.d/inetd

You can delete the link /etc/rc2.d/S20inetd and inetd will not start.
You have to make sure, that you start all daemons you need in startup 
scripts.

|The securest way to not run inetd is to not have inetd installed. But if
|I don't want to mess up the system by removing the actual inetd binary
|I have a system where inetd is installed.

The securest thing to do is to know what you are doing. ;) We are all
trying to get there

|I thought that Debian was more security aware than i.e. RedHat, but that's
|not true. Even RedHat has split up netbase into several packages. RedHat has
|a package called net-tools that together with the init-scripts are used to
|configure the network. Then you have separate packages for all services
|and applications like inetd, telnet and traceroute, etc. I think Debian
|can do the same because package dependencies should sort out the rest for
|the users/admins.

Can you give a single reference to a recent bug in inetd? It is rock
stable and secure. Actually it is *improving* your security. That's why
Debian is using it. But if you don't want it, you can remove it from
the startup as I described above.


--JS




Re: inetd in netbase package

2000-10-11 Thread Lee Maguire
[2000-10-11] Magnus Sandberg wrote:
> IMHO it would be good to have inetd as its own package.

This is already the case with woody - netbase has been split.

(netbase still depends on netkit-inetd, at least until the dependencies
 of other packages have been updated to reflect the split.)

http://www.debian.org/Packages/unstable/net/netkit-inetd.html

-- 
Lee Maguire [EMAIL PROTECTED] traveling at the speed of time



Re: inetd in netbase package

2000-10-11 Thread Dave Sherohman
On Wed, Oct 11, 2000 at 04:08:08PM +0200, Magnus Sandberg wrote:
> What happens if I remove /etc/rc2.d/S20inetd, will APT/dpkg recreate the
> link when I do an upgrade?

Not sure whether it will get replaced if you completely delete the link, but
if you use update-rc.d to disable inetd, it will do it in such a way that apt
will not reenable it.

-- 
Two words: Windows survives. - Craig Mundie, Microsoft senior strategist
So does syphillis. Good thing we have penicillin. - Matthew Alton
Geek Code 3.1:  GCS d- s+: a- C++ UL++$ P L+++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r++ y+



Re: inetd in netbase package

2000-10-11 Thread Nathan E Norman
On Wed, Oct 11, 2000 at 11:40:07AM -0500, Dave Sherohman wrote:
> On Wed, Oct 11, 2000 at 04:08:08PM +0200, Magnus Sandberg wrote:
> > What happens if I remove /etc/rc2.d/S20inetd, will APT/dpkg recreate the
> > link when I do an upgrade?
>
> Not sure whether it will get replaced if you completely delete the link, but
> if you use update-rc.d to disable inetd, it will do it in such a way that apt
> will not reenable it.

Mostly true :)

man update-rc.d says

   If  any  files  /etc/rcrunlevel.d/[SK]??name already exist
   then update-rc.d does nothing.  This is so that the system
   administrator  can rearrange the links, provided that they
   leave at least one link remaining,  without  having  their
   configuration overwritten.

which means you should delete all the S??name links but leave at least
one K??name link.  This will prevent dpkg from enabling inetd during
an upgrade.

HTH,

-- 
Nathan E Norman   Eschew Obfuscation
email:[EMAIL PROTECTED]  http://incanus.net/~nnorman
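
The rule discussed in the last few messages (delete the S??name links, leave at least one K??name link), as an added example that is not part of the original thread. The function names, the ROOT argument standing in for /etc, and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ROOT stands in for /etc so this can run on a scratch tree.

# rc_link_state ROOT NAME -> enabled | disabled | absent
#   enabled : at least one S??NAME start link exists
#   disabled: only K??NAME links exist; update-rc.d sees links and does nothing
#   absent  : no links at all, so the guard quoted from the man page does not apply
rc_link_state() {
    root=$1; name=$2; s=0; k=0
    for link in "$root"/rc?.d/[SK][0-9][0-9]"$name"; do
        [ -L "$link" ] || [ -e "$link" ] || continue   # unmatched glob
        case ${link##*/} in
            S*) s=$((s + 1)) ;;
            K*) k=$((k + 1)) ;;
        esac
    done
    if [ "$s" -gt 0 ]; then echo enabled
    elif [ "$k" -gt 0 ]; then echo disabled
    else echo absent
    fi
}

# rc_disable ROOT NAME: turn every S??NAME link into K??NAME in place, so
# each runlevel keeps a link. Keeping the sequence number is a simplification.
rc_disable() {
    root=$1; name=$2
    for link in "$root"/rc?.d/S[0-9][0-9]"$name"; do
        [ -L "$link" ] || continue
        base=${link##*/}
        mv "$link" "${link%/*}/K${base#S}"
    done
}

# Constructed sample tree: inetd started in runlevel 2, stopped in runlevel 0.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/init.d" "$t/rc0.d" "$t/rc2.d"
    : > "$t/init.d/inetd"
    ln -s ../init.d/inetd "$t/rc2.d/S20inetd"
    ln -s ../init.d/inetd "$t/rc0.d/K20inetd"
    echo "$t"
}

tree=$(demo_tree)
echo "before:  $(rc_link_state "$tree" inetd)"
rc_disable "$tree" inetd
echo "after:   $(rc_link_state "$tree" inetd)"
rm -rf "$tree"
```

A host that reports `absent` for a service you meant to switch off is the case to look at before the next upgrade, since no link remains to mark the administrator's choice.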

