xinetd, rsh, telnet not installed by default

[tygur]

Hello,
I recently performed a fresh install for Fedora 7 x86_64, selected all optional packages under every group but found, that xinetd did not get installed by default. After I installed it manually I discovered that the On-Demand Services Rexec, Rlogin, Rsh and Telnet where not there and had to install them manually.

My question is: is this now the default behavior of Fedora or am I missing something? I used the F-7-x86-64-DVD.iso to create the install media. I need to know as I am in charge of documenting our Linux install procedure.

Thank you in advance for any insight.

Allen Rongone

[stevea]

Yes, this is the default behavior. Most of the xinetd client services are either silly (echo, date, discard-stream) or they are insecure (tftp, ftp ,uucp, rcmd). Still a few are quite useful (git, rsync).

Same on F8.test3

[markkuk]

Telnet and the r* services are all major security risks, and shouldn't be used unless absolutely necessary. The safe alternative is SSH, which is installed by default.

[tygur]

Quote:

Originally Posted by stevea

Yes, this is the default behavior. Most of the xinetd client services are either silly (echo, date, discard-stream) or they are insecure (tftp, ftp ,uucp, rcmd). Still a few are quite useful (git, rsync).

Same on F8.test3

Thank you for the reply Steve. I agree, unfortunately we still have users who like the old ways. But it's good to get it clarified.

[PhillyFloyd]

^ ^ The reason they are controlled by xinetd is to reduce the security risks ... xinetd provides a lot of built in ACLs and checks, as well as logging of dropped UDP packets which makes a lot of those "r" commands secure enough to use in a production environment ...