> From: Paul Dufresne <[EMAIL PROTECTED]> >> For myself, rkhunter give warning about inetd. >> Looking to /etc/services, I found that Debian seems to like to have a >> very big file with all known services rather than just add the >> services needed. I don't even knows if other distributions does just >> add the needed services. > > That file is just a mapping of service names and ports, it has no relation > to services that are actually running.
Yes, I know. But as I see it, each mapping is like a *possible* door to the Internet. When there is so much, it become too hard to look at each door to see if there is a program behind, and if it does what it should. Moreover I now see that /etc/hosts.allow and /etc/hosts.deny are empty (well just comments), which means that it is open to everybody. Taken from http://en.wikipedia.org/wiki/Inetd : "the long list of services that inetd traditionally provided gave computer security experts pause. The possibility of a service having an exploitable flaw, or the service just being abused, had to be considered. Unnecessary services were disabled and off by default became the mantra. It is not uncommon to find an /etc/inetd.conf with almost all the services commented out in a modern Unix distribution." This begin to look like a discussion for developper list however. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
