DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 8th May 2008
bigb89 bigb89 is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 69
Thanked 1 Time in 1 Post
Default Runing vsftpd in standalone mode or with inetd?

Hi,

I just installed vsftpd and I saw that I have the options of running it in standalone mode or with inetd. I heard that inetd is not very secure and that's why I'm running vsftpd in standalone mode. So my question is: Which is more secure, running vsftpd in standalone mode or with inetd?
Reply With Quote
  #2   (View Single Post)  
Old 8th May 2008
robbak's Avatar
robbak robbak is offline
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366
Thanked 40 Times in 39 Posts
Default

Probably via inetd, but the diference is minimal.

inetd (the internet daemon) is a single daemon that listens on multiple ports, and spawns processes to deal with connections that occur.
As inetd can end up running programs that you are unaware of, it is a source of security holes if you are not aware of what it is doing. inetd also handles on it's own several simple (and now largely unused) services, which could be security problems if there are unknown holes in it's decades-old code. That said, it can also be configured to run things like tcpwrappers which are good things that increase system security.

There is very little difference, security wise, to running a daemon standalone, and adding that daemon to an already running inetd. There are, however, performance and speed issues: inetd only spawns the process when it is needed, so the process does not consume resources when no one is using it. However, there is an overhead on each connection as inetd spawns a new process to handle it.
Generally, a heavily used service will be run standalone. An infrequently used service might be left on inetd's hands.
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
Reply With Quote
  #3   (View Single Post)  
Old 8th May 2008
bigb89 bigb89 is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 69
Thanked 1 Time in 1 Post
Default

Thanks for the response.

I guess I'll keep on running vsftpd in standalone mode, since I can probably open other security wholes by using inetd.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to configure VSFTPD? Sunsawe FreeBSD Ports and Packages 8 26th September 2009 02:28 PM
VSFTPD Server Issues!! disappearedng FreeBSD General 5 24th October 2008 08:47 AM
VSFTPD SERVER disappearedng FreeBSD General 1 21st October 2008 04:12 AM
inetd, ftpd problems jsadm FreeBSD General 7 24th August 2008 08:33 PM
VSFTPd: pid file kostromin FreeBSD Ports and Packages 0 4th July 2008 08:35 AM


All times are GMT. The time now is 12:08 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick