[Wylug-help] Looking for an old UNIX console based comms app.

Nigel Metheringham Nigel.Metheringham at dev.InTechnology.co.uk
28 May 2003 09:25:58 +0100


On Tue, 2003-05-27 at 19:24, Dave Brotherstone wrote:
> On Tuesday 27 May 2003 3:37 pm, Nigel Metheringham wrote:
> > It requires a daemon or listener process under inetd to be run -- which
> > I have never enabled on any machine I've admined, so you might find it
> > non-functional on your systems.  Sun systems were so insecure that
> > running an extra daemon wasn't a security risk :-)
>
> Just out of interest, are you referring to inetd, or talk, that you don't
> enable?

I was specifically referring to talkd to not enable.  Although, other
than my personal machine (which tends to be used to try out all sorts of
things that I might not have elsewhere), I generally don't enable
(x)inetd either - the only services I would normally have listening are
mail related, sshd (absolutely vital) and maybe something webby - all of
those run as their own daemons rather than from inetd.

>  And, if it was inetd, (not wishing to go too much off on a tangent),
> is there an inetd style listener process that you do recommend, without the
> security problems?  Or are they just inherent from the fact that you're
> spawning processes off from an accept on a socket?

I'd normally use xinetd, but if there are no services I need to offer
out I wouldn't run any superserver at all.

Additionally I may (depending on the machine use context) firewall
everything not explicitly required out - using the netfilter stateful
checking you can produce a reasonable firewall configuration with a
single line (accept related/established connections) plus one line for
the loopback interface and a line for each incoming service.  This is
*so* much easier than the old ipchains stuff.

	Nigel.

--
[ Nigel Metheringham           Nigel.Metheringham@InTechnology.co.uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
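
The firewall layout described in the message above, as an added example that is not part of the original post: one related/established rule, one loopback rule, and one rule per incoming service, with everything else dropped. The function name `gen_rules` and the service ports (22, 25, 80 for ssh, mail and web) are assumptions for illustration; the script only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a host that offers
# only a few named services. Output is text; nothing is loaded into the kernel.

# gen_rules PROTO/PORT...   (e.g. gen_rules tcp/22 tcp/25)
# Prints the ruleset on stdout. Returns 1 and prints no ruleset if any
# argument is malformed, so a typo never yields a half-built firewall.
gen_rules() {
    rules=""
    for svc in "$@"; do
        proto=${svc%%/*}
        port=${svc#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $svc" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $svc" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $svc" >&2; return 1
        fi
        # One line per incoming service. Only the first packet (NEW) has to
        # match here; the rest of the connection hits the ESTABLISHED rule.
        rules="${rules}-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # Default-drop inbound and forwarded traffic, then the stateful line and
    # the loopback line. "-m conntrack --ctstate" is the current spelling;
    # 2003-era iptables used "-m state --state" for the same match.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
${rules}COMMIT
EOF
}

# Constructed sample: ssh, mail and web as the only listening services.
gen_rules tcp/22 tcp/25 tcp/80
```

To load the result, pipe it into `iptables-restore` as root; `iptables-restore --test` parses the rules without committing them.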