[Wylug-help] Looking for a old UNIX console based comms app.

Dave Brotherstone davegb at pobox.com
Wed, 28 May 2003 09:47:47 +0000


> > On Tuesday 27 May 2003 3:37 pm, Nigel Metheringham wrote:
> > > It requires a daemon or listener process under inetd to be run -- which
> > > I have never enabled on any machine I've admined, so you might find it
> > > non-functional on your systems.  Sun systems were so insecure that
> > > running an extra daemon wasn't a security risk :-)
> >
> > Just out of interest, are you referring to inetd, or talk, that you don't
> > enable?
>
> I was specifically referring to talkd to not enable.  Although, other
> than my personal machine (which tends to be used to try out all sorts of
> things that I might not have elsewhere), I generally don't enable
> (x)inetd either - the only services I would normally have listening are
> mail related, sshd (absolutely vital) and maybe something webby - all of
> those run as their own daemons rather than from inetd.
>

Completely agree - web / mail I always run as daemons.  FTP, which tends to
get used very infrequently on boxes I administer, I tend to run off xinetd,
and of course firewall everything else off.

> Additionally I may (depending on the machine use context) firewall
> everything not explicitly required out - using the netfilter stateful
> checking you can produce a reasonable firewall configuration with a
> single line (accept related/established connections) plus one line for
> the loopback interface and a line for each incoming service.  This is
> *so* much easier than the old ipchains stuff.

Iptables is a vast improvement on ipchains. I trained a few people on
chains/tables, and tables was a *lot* easier to teach than chains.

I tend to mask off outgoing SMTP connections, apart from the boxes that
actually need it - there was a virus a little while ago (probably still out
there) that has its own SMTP code and makes direct connections out if it
can.

Dave.
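The policy sketched in this thread, as an added example that is not part of the original message: one stateful line, one loopback line, one line per incoming service, plus the outbound-SMTP restriction applied on a gateway so that only designated mail hosts may open port 25 outwards. The script only prints an iptables-restore fragment so it can be reviewed before loading; the port list, the LAN interface name, the mail-host address and the log prefix are assumptions, and the `-m conntrack --ctstate` syntax is the modern spelling of the `-m state --state` matches in use at the time.

```shell
#!/bin/sh
# Added example (not code from the original thread). Generates a minimal
# netfilter policy: default deny, one stateful line, one loopback line, one
# line per incoming service, and an egress rule so only listed internal hosts
# may start outbound SMTP. Review the output, then load it:
#   sh fw.sh > rules.v4 && sudo iptables-restore --test rules.v4   # dry run
#   sudo iptables-restore rules.v4

# Assumed values: adjust for the box in question.
IN_TCP_PORTS="22 25 80"        # services this host offers (ssh, smtp, http)
LAN_IF="eth1"                  # interface facing the internal network
SMTP_HOSTS="192.0.2.25"        # internal hosts allowed to speak SMTP outwards
                               # (placeholder address, not a real relay)

gen_rules() {
    echo '*filter'
    # Default deny for traffic to this host and for traffic it forwards;
    # locally generated traffic is left alone.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'

    # -- INPUT: the host itself --
    echo '-A INPUT -i lo -j ACCEPT'
    # The single stateful line: replies to connections we opened, plus
    # related flows (e.g. FTP data channels).
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # One line per incoming service.
    for p in $IN_TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done

    # -- FORWARD: what passes through the gateway --
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A FORWARD -m conntrack --ctstate INVALID -j DROP'
    # Only the listed mail hosts may start a connection to port 25 outside.
    for h in $SMTP_HOSTS; do
        echo "-A FORWARD -s $h -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else opening SMTP directly is logged (a mass-mailer with its
    # own SMTP engine shows up here) and then refused with a reset.
    echo '-A FORWARD -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 6/min -j LOG --log-prefix "smtp-egress-denied: "'
    echo '-A FORWARD -p tcp --dport 25 -j REJECT --reject-with tcp-reset'
    # All other new flows originating on the LAN side are allowed out.
    echo "-A FORWARD -i $LAN_IF -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}

# check_rule: exit status 0 when the generated policy contains the exact line.
check_rule() {
    gen_rules | grep -qxF -- "$1"
}

# line_of: 1-based position of the first generated line matching a fixed string.
line_of() {
    gen_rules | grep -nF -- "$1" | head -n 1 | cut -d: -f1
}

gen_rules
```

Rule order matters: the per-host SMTP allow must sit above the reject, and the reject above the general LAN allow, which is why the script emits them in that sequence rather than leaving it to whoever types them in by hand. The LOG line is the detection side of the control; a host that was never meant to send mail appearing under that prefix is worth a look.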