Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I came across a book recently that suggested that I disabled inetd or xinetd and run the daemons as their own process due to the possible insecurities of both super servers.
1) Is this viable?
2) How can I go about doing so?
I came across a book recently that suggested that I disabled inetd or xinetd and run the daemons as their own process due to the possible insecurities of both super servers.
1) Is this viable?
Sure. Both of them have had security problems in the past, so having one less internet daemon that can potentially be exploited is a good thing in general (same logic as shutting off un-necessary services). Though xinetd does do some cool things that can be used to improve your systems security. For example you can use hosts.allow/deny without having to depend on the application having it built in, it's ability to restrict access is much more flexible that with iptables, and much more. Plus on low traffic systems, xinetd will reduce the amount of resources consumed in having the indivual daemon processes up and listening for connections.
2) How can I go about doing so?
Turn off xinted. Configure the applications to run as a stand-alone process. On most recent versions of RedHat, only a few daemons run through xinted and these are potentially dangerous to run at all, so turning xinted off is recommended.
On a Redhat-ish system, you can just use chkconfig --list and it will produce a list of services and their status along with a sub-list at the bottom for xinetd and all the services that are configured to run through xinetd. Probably two of the more dangerous ones are chargen and echo which can be abused in a classic DoS attack.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.