On Tue, 22 Aug 2000, juergen.braukmann@ruhr-west.de wrote:
that includes telnet etc) and safe: just the safe services (ssh et al.). That would mean including 3 versions of inetd.conf and rc.config, each with a short description of the differences/potential problems. That
good in theory but... Say, you select "secure inetd" and you select "Apache". secure inetd will close port 80. Apache needs port 80. Hmmm. Either Apache would auto select "less secure inetd.conf" or Apache / httpd / THE HELP SYSTEM would not work. Lots of fun for the newbie that says "I want it secure, but why does help not work"
(Sorry for the late entry to this thread - I am catching up on a full mailbox.)

I think your example is wrong, at least for 6.3. I activated the help system using rc.config. httpd ports are disabled in inetd.conf. But 6.3 and 5.3 YaST1 can run httpd as a daemon in runlevel 2 - so port 80 remains open all the time. Running httpd this normal way means it is not protected by inetd.conf or hosts.deny. Try it out.

I think there is more than one rc.config option so you are correct, it would be easy to confuse a newbie and make help fail.

BTW - I know I can protect my help system daemon with a firewall packet filter and with inetd/tcpd. I only want it to work for localhost - everyone else should see dropped connections ideally. But is there an application level way to protect it also - in case my firewall fails?

dproc
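
An added example, not part of the original message: a small audit that shows the gap described above, where a port commented out of inetd.conf can still be open because a daemon listens on it directly. The sample inetd.conf, the `netstat -ltn` style listing and the service-to-port table are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample inputs (not taken from the thread).
SERVICES = {"ftp": 21, "telnet": 23, "finger": 79, "http": 80}  # stand-in for /etc/services
INETD_CONF = """\
ftp     stream tcp nowait root   /usr/sbin/tcpd       in.ftpd
finger  stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
# http  stream tcp nowait wwwrun /usr/sbin/tcpd       httpd
"""
NETSTAT = """\
Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp        0      0 0.0.0.0:21     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:79     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:80     0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:25   0.0.0.0:*        LISTEN
"""

def inetd_ports(conf, services):
    """Map TCP port -> True if the inetd entry runs through tcpd."""
    ports = {}
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#") or fields[2] != "tcp":
            continue
        name, server = fields[0], fields[5]
        port = int(name) if name.isdigit() else services.get(name)
        if port is not None:
            ports[port] = server.endswith("/tcpd")
    return ports

def listeners(netstat):
    """Return (address, port) for every TCP socket in LISTEN state."""
    found = []
    for line in netstat.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "tcp" and fields[5] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            found.append((addr, int(port)))
    return found

def audit(conf, netstat, services):
    """List non-loopback listeners that tcpd does not sit in front of."""
    wrapped = inetd_ports(conf, services)
    findings = []
    for addr, port in listeners(netstat):
        if addr.startswith("127."):
            continue  # reachable from localhost only
        if port not in wrapped:
            findings.append((port, "standalone daemon, not started by inetd"))
        elif not wrapped[port]:
            findings.append((port, "inetd entry without tcpd"))
    return findings

if __name__ == "__main__": print(audit(INETD_CONF, NETSTAT, SERVICES))
```

With the constructed data, port 80 is reported as a standalone listener even though its inetd.conf line is commented out, while the loopback-only listener on port 25 is skipped.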