Subject: Re: inetd.conf defaults
To: Erik Fair <fair@clock.org>
From: Matthew <m@uk.com>
List: tech-net
Date: 05/28/2000 09:13:25
Hi,
This is a good thing - but for those who expect a new installation to
provide the same services as an earlier installation (non techie users)
will be confused. How about some option during installation to make a
'secure' installation - disabling 90-100% remote services that are
either a security consideration (rsh/rlogin) and others which are rarely
used (comsat/talk etc) and those that should really be configured first
(ftp) and those which should be restricted (telnet).
Could this lead to more security related installation-configuration
options?
summary:
user option to make a more secure installation
my 0.02c worth
-M
Erik Fair wrote:
>
> We have "shell" (rsh) and "login" (rlogin) turned on by default in
> /etc/inetd.conf. I think this is a bad default. I filed a PR on this
> issue some months ago, but there's been no movement. I can obviously
> commit the change to comment them out myself, but I want some
> discussion before I "just do it".
>
> This is going to tech-net rather than tech-security because I think I
> can guess that the security mavens (among whom I most often count
> myself) are supportive of such a change; I wanted a little wider
> exposure to people who are network mavens.
>
> What do you all think?
>
> Erik <fair@clock.org>