diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2001-08-02 02:19:56 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2001-08-02 02:19:56 +0000 |
| commit | f2419a7154f99ed64507efb720aec2acd3e8f0a7 (patch) | |
| tree | aea9c0182b17935cecde3b1058c6d1c69dad15ee /usr.sbin/traceroute6 | |
| parent | d51456f800b010916787093d11d416f8d01af1c2 (diff) | |
| download | src-f2419a7154f99ed64507efb720aec2acd3e8f0a7.tar.gz src-f2419a7154f99ed64507efb720aec2acd3e8f0a7.zip | |
Default to disabling all inetd.conf entries, in particular, telnetd
and ftpd. This more conservative default reduces the exposure of
freshly installed machines, which is especially valuable for machines
that receive minimal further configuration before being put into
production. Generally speaking, SSH has superseded the use of both
telnet and ftp in many environments. In light of recent remotely
exploitable security holes in both telnetd and ftpd, this choice
retains flexibility (both telnetd and ftpd daemons remain installed
and easily enableable) while protecting users who don't need the
additional risk. This change brings our configuration into line with
the majority of other UNIX vendors, including OpenBSD and NetBSD.
To address the concerns of those requiring remote access via telnet
from first install, changes will shortly be committed to sysinstall
to provide the ability to edit inetd.conf during the installation
process, allowing telnetd and ftp to be re-enabled during the
installation process.
While I'm at it, slightly improve commenting for inetd.conf so that
it's more clear to users how to enable and disable services.
Further commenting to indicate the functions of various columns would
probably also be useful.
Reviewed by: imp, chris, jake, nate, -arch, -stable
Notes
Notes:
svn path=/head/; revision=81020
Diffstat (limited to 'usr.sbin/traceroute6')
0 files changed, 0 insertions, 0 deletions