PDA

View Full Version : xinetd, rsh, telnet not installed by default



tygur
31st October 2007, 02:26 PM
Hello,
I recently performed a fresh install for Fedora 7 x86_64, selected all optional packages under every group but found, that xinetd did not get installed by default. After I installed it manually I discovered that the On-Demand Services Rexec, Rlogin, Rsh and Telnet where not there and had to install them manually.

My question is: is this now the default behavior of Fedora or am I missing something? I used the F-7-x86-64-DVD.iso to create the install media. I need to know as I am in charge of documenting our Linux install procedure.

Thank you in advance for any insight.

Allen Rongone

stevea
31st October 2007, 03:03 PM
Yes, this is the default behavior. Most of the xinetd client services are either silly (echo, date, discard-stream) or they are insecure (tftp, ftp ,uucp, rcmd). Still a few are quite useful (git, rsync).

Same on F8.test3

markkuk
31st October 2007, 03:08 PM
Telnet and the r* services are all major security risks, and shouldn't be used unless absolutely necessary. The safe alternative is SSH, which is installed by default.

tygur
31st October 2007, 03:11 PM
Yes, this is the default behavior. Most of the xinetd client services are either silly (echo, date, discard-stream) or they are insecure (tftp, ftp ,uucp, rcmd). Still a few are quite useful (git, rsync).

Same on F8.test3
Thank you for the reply Steve. I agree, unfortunately we still have users who like the old ways. But it's good to get it clarified.

PhillyFloyd
15th November 2007, 02:53 PM
^ ^ The reason they are controlled by xinetd is to reduce the security risks ... xinetd provides a lot of built in ACLs and checks, as well as logging of dropped UDP packets which makes a lot of those "r" commands secure enough to use in a production environment ...