LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 01-05-2009, 01:16 PM   #1
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Wheezy, Jessie
Posts: 921

Rep: Reputation: 46
do I need these inetd.conf options


Ladies & Gents,

I am in the process of setting up a new Linux firewall and the instructions I am following tell me to disable the services I don't need in /etc/initd.conf file.

I have these three uncommented lines in said file.

server:user = nobody
protocol:extensions = enabled
protocol:multiquery = enabled

This firewall is going to be my primary firewall setting between my cable modem and my network. Is there any real reason I need to leave these enabled? I should not be getting any connections to this machine from anywhere except my LAN.

Ok. I have discovered that the nobody user account is used so that the new processes that are started are not run as root. That is a good thing. Now to find out the default permissions for nobody.

What about the extensions and multiquery options? Do I really need these options for a firewall/dns/nat machine? I can understand the multiquery being useful but I have my doubts about the extensions option.

So far Google has not been much help.

Also are there any IPv6 things I need to be aware of with this file?

Thanks
 
Old 01-05-2009, 02:14 PM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 360
Do you plan on actually using the functions provided by inetd (i.e. starting daemons on network request, rather than running them all the time)? If not, you can simply disable inetd altogether.

Modern hardware is powerful enough that running daemons full time is not going to greatly impact system performance (especially if they are idle), so there is little reason to start and stop them on remote requests.

If this is a firewall, it sounds like you don't want many (if any) remotely accessible daemons running anyway.
 
Old 01-05-2009, 03:35 PM   #3
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Wheezy, Jessie
Posts: 921

Original Poster
Rep: Reputation: 46
Thanks MS3FGX

I don't think that I need to be starting daemons and what not for the most part from this machine. I do want to be able to log into it from my LAN via ssh and I think I want to use webmin to monitor it to start with.

You mention disabling inetd. How would I do that? If I did disable it then to login I would have to leave ssh running all the time. Is that really wise?

That leads me to another question: how do I cause these daemons to run continually, should I decide to take that route?
 
Old 01-05-2009, 05:19 PM   #4
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 360
SSH is already going to be running all the time anyway. I don't have a Debian machine on hand right now to check its defaults, but generally the only daemons that are started from inetd would be Telnet, chargen, time, ntalk, plus some non-essential things like SWAT and maybe your FTP daemon.

The more advanced services like Apache, NFS, Samba, SSH, etc, etc all have their own boot scripts and are started and stopped independently of each other.

You can simply remove the inetd package, or else just delete the inetd scripts from your current runlevel under "/etc/rcX". It could also be disabled with the following command (if memory serves):

Code:
sudo update-rc.d -f inetd remove
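
Before disabling or removing inetd as discussed in the posts above, it helps to see which services it would actually start. The following is an added example, not part of the thread: it lists every uncommented entry in an inetd.conf-format file and marks the ones that run as root. The function names and the sample file are constructed for illustration, and the parser assumes the standard field layout (service, socket type, protocol, wait/nowait, user, program).

```shell
#!/bin/sh
# Added example: report what an inetd.conf-format file still enables.
# Expected fields per entry:
#   service  socket-type  protocol  wait|nowait[.max]  user  program  [args]

# audit_inetd FILE -> one line per active (uncommented) line:
#   ENABLED <service> <type>/<proto> user=<user> prog=<program>[ ROOT]
#   UNPARSED <line-number>: <text>   (line is not in the expected layout)
audit_inetd() {
    awk '
        NF == 0     { next }   # blank line
        $1 ~ /^#/   { next }   # comment, including Debian "#<off>#" entries
        NF >= 6 && $4 ~ /^(wait|nowait)(\.[0-9]+)?$/ {
            split($5, u, /[.:]/)   # user field may carry a group suffix
            printf "ENABLED %s %s/%s user=%s prog=%s%s\n",
                   $1, $2, $3, $5, $6, (u[1] == "root" ? " ROOT" : "")
            next
        }
        { printf "UNPARSED %d: %s\n", NR, $0 }
    ' "$1"
}

# count_enabled FILE -> number of services inetd would listen for
count_enabled() {
    audit_inetd "$1" | awk '/^ENABLED / { n++ } END { print n + 0 }'
}

# Constructed sample input (not taken from the thread).
sample_inetd_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
#<off># ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet  stream  tcp  nowait  telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd
time    dgram   udp  wait    root     internal
some:option = enabled
EOF
}

# Audit the file given as $1, or the constructed sample when run bare.
if [ -n "${1:-}" ]; then
    audit_inetd "$1"
else
    tmp=$(mktemp)
    sample_inetd_conf > "$tmp"
    audit_inetd "$tmp"
    rm -f "$tmp"
fi
```

If the report shows no ENABLED lines, inetd is not starting anything and disabling it changes nothing that is reachable from the network.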
 
Old 01-05-2009, 06:16 PM   #5
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Wheezy, Jessie
Posts: 921

Original Poster
Rep: Reputation: 46
Thanks again.

Due to your insight I have just uninstalled it. Problem solved.
 
  

