by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
0c09bcb0e8