Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1892

Summary: Open Services.
Product: [Retired] Red Hat Linux Reporter: Wil Harris <wil>
Component: netkit-baseAssignee: Jay Turner <jturner>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: srevivo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-03-30 20:32:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Wil Harris 1999-03-30 18:59:36 UTC
Everything in the /etc/inetd.conf is open by default,
upgrade replaces any copies that have been edited to turn
off vunerable services(ie: imap) and other services that
could cause a compromise of security(rlogin, rshell,
finger). Perhaps the policy should be all services need to
be disabled by default, and force the user to enable them
either during the install, or by hand if they know what they
are and know they need them. It is a general rule, if you
dont know, dont use it. If the user knows they need an ftp
service then letting them turn it on would be better than a
user not knowing these services are on, and having to turn
them off would provide more in the lines of security for a
newly installed system than the current setup.

Comment 1 Preston Brown 1999-03-30 20:32:59 UTC
when you upgrade netkit-base from now on, /etc/inetd.conf will not get
overwritten.  Instead, if you have edited /etc/inetd.conf, the "new"
inetd.conf will be written to /etc/inetd.conf.rpmnew.  You are then
free to add any entries that you need to if you wish, and any services
you have turned off will not be turned back on automatically.