3b31fc2963
Add comments, mostly borrowed from ftp-proxy(8), showing how to set up up.
Improved & OK'd by dhartmei@, david@, millert@.
21 years ago
cd6a01341f
no rpc by default
22 years ago
d281062060
5 new uid/gid sets; millert ok
22 years ago
d230ad86d5
go back to running these as root from inetd. however once rpc.{rusersd,rstatd}
starts, do a chroot to /var/empty and change to user nobody.
hi mom, i'm in jail!
22 years ago
c2f347299e
try to avoid DNS here
22 years ago
950d3e558c
space nits
22 years ago
b05f19e325
Not that kvm parts are removed, run rpc.rstatd and rpc.rusers as
nobody. While I do not like running things as nobody since the step
up is very small, we use this for other daemons in inetd. And it is
still a small step.
22 years ago
499339881f
rlogind and rexecd are history
22 years ago
06d03c8505
localhost:comsat appears to work. might be DNS issues, but only if we deploy it can we see such issues
22 years ago
96b328cf74
make tftpd address family independent.
23 years ago
297915e472
popa3d pieces
23 years ago
fd98026eca
Remove the -o flag from identd's default invocation as it serves only to
obfuscate, and confuses some software.
derradt + millert concur.
23 years ago
2b78187370
integrate IPv6 items into the list of IPv4 items, to avoid
them from going out of sync (like additional option flag to daemon).
24 years ago
06b933f507
add identd example for tcp6
24 years ago
288ce11016
disable talkd and fingerd by default, what the heck, they are less used these days
24 years ago
8524fc7ded
add rshd/rlogind for tcp6 cases.
25 years ago
4b673feb6c
add fingerd on tcp6.
25 years ago
92a3c9b9a1
add telnetd on tcp6 (commented out).
25 years ago
cb12c6c9ab
sample entry for IPv6 ftp.
25 years ago
7cccb380a7
disable telnet/ftp/login by default, for now
25 years ago
cf189c936d
rsh off by default
25 years ago
8792aead82
squish program args together more
26 years ago
c2f62299dc
remove unused kerberos entries
26 years ago
104c0def80
run fingerd -m by default
26 years ago
69c45eda3e
the -x option to rshd does not exist
26 years ago
3dd2d97740
identd should be nowait.
26 years ago
92a12c7439
to inetd, nobody.nobody == nobody, since it does an initgroups()
26 years ago
0145750217
take away gid kmem for identd and change to options appropriate for new version
26 years ago
0144e4e7b1
add #kx; and reindent what art failed to indent!
27 years ago
7f20dac448
add encrypted rsh and kauthd (kerberos)
27 years ago
b5ae80d53c
disable kerberos login tools by default
27 years ago
e9dbef75ef
Take out smtp line - users can add if needed
27 years ago
89821a6907
Flags and startup for smtpd/smtpfwdd - not enabled by default.
27 years ago
802b0aec8f
use group nobody for fingerd
27 years ago
04cd71d041
even more local services must die
27 years ago
c8f783fe77
do not suggest mountd can run out of inetd.conf; the code was never finished
28 years ago
afae300ef9
By default, run telnetd with -k (no auto kludge)
28 years ago
585a5af8bb
trash other internal udp spoofable serviecs by default
28 years ago
3de83523e6
disable udp echo/chargen by default; avoid DOS attacks
28 years ago
6c448230bf
We support vesion 1 of rusers too now
28 years ago
852ba5855f
fingerd -ls; shut down tftp
28 years ago
5f555cbf96
ftpd -US; create /var/log/ftpd for wu-style log files
28 years ago
9750d56216
explicitly run identd as nobody.kmem; this solves ptrace problem too
28 years ago
b2c814cbb7
ftpd -Ul
28 years ago
2e7a57df09
default to logging rsh connections
28 years ago
c8a37c7003
sync & label
28 years ago
a02728aa34
Identd ras as nobody.kmem. Changed it to root.
Running anything as nobody.kmem allows any "nobody" process to get into
the kmem group through ptrace(). Kmem is a privileged enough group that
we might as well just run identd as root.
29 years ago
367486d815
there is no such thing as "nntpd"
also, always enable identd -- many things expect it now
29 years ago
2968c34493
Enable non-master kerberos services by default
29 years ago
9529688a2e
enable tftp as it has security builtin;
disable walld/1 by default for security (as pointed out by Chris Cappuccio)
29 years ago
ian