warning in /var/log/messages

Craig White CraigWhite@AzApple.com
Wed, 17 May 2000 22:12:46 -0700


There are far more knowledgeable people on this list than I, which is why I asked the
questions that I did - and got no response.

My belief was that the 'auth' service (identd) was designed to validate the
user but apparently, the security aspects were weak and underutilized.

Most of the services in inetd.conf are unnecessary and potential security
risks.
Jean Francois sent out a post to this message board a month or two ago that
discussed this but of course, I deleted it a few days ago...

Therefore - the best advice I could give would be to comment out all that
you aren't certain that you need if the computer is exposed to the
Internet - specifically you should comment out... finger,
rlogin/rshell/r-everything, auth, ftp, telnet, etc. Anything that you need
to run should be blocked from the external interface using ipchains - that
is, of course, unless you need to expose it; then you'd better make sure that
it's up to date, covered by tcp wrappers and pray   ;-)

Craig

----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|

> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Don
> Harrop
> Sent: Tuesday, May 16, 2000 10:15 AM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: warning in /var/log/messages
>
>
> Well, considering that this server isn't running named (I'm assuming that
> bind is the same thing... DNS) I went into the inetd.conf file and commented
> out the auth line and restarted the services.  That worked.  My only
> question now is why.  What does auth or identd do?  If it's not that great
> to have running by the inetd super server why would it be in there in the
> first place?
>
> Don
>
> Starved for knowledge, fed by an OS that provides it.... not hides it!
>
> > Actually, it seems that you are running bind on your system and you have
> > defined two host names ("A" records) to the same ip address. Only one host
> > name should be assigned to an ip address within bind and any other names that
> > you wish to use for this computer should be "CN" aka alias records.
> >
> > The real cause of your error message in the syslog is related to running the
> > 'auth' service within inetd.conf (comment the auth service out and send a
> > SIGHUP command) and then the identd service runs on its own pid.
> >
> > The greater minds on this message base might want to convince you either to
> > 1 - remove/disable auth from inetd or
> > 2 - disable auth aka identd altogether
> >
> > I would be interested in any comments that some might have regarding the
> > usefulness / necessity / security implications of running identd/auth
> > services. The book on Linux/OpenBSD firewalls that I just finished definitely
> > recommended to extinguish this service and to specifically REJECT (using
> > IPCHAINS) attempts to connect to this port so mail servers etc don't hang
> > you out to dry while waiting for a reply.
> >
> > Craig
>
>
>
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
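
The advice in this thread (comment out finger, the r-services, auth, ftp and telnet in inetd.conf) can be checked with a short audit. The script below is an added example, not part of the original messages; the RISKY list, the sample file contents and the function names are assumptions, with `login`, `shell` and `exec` being the inetd.conf service names for rlogin, rsh and rexec.

```shell
#!/bin/sh
# Added example: list entries still enabled in an inetd.conf-style file whose
# service name is on a deny list. RISKY and the sample file are constructed.
RISKY="finger login shell exec auth ftp telnet"

# audit_inetd FILE -> prints "service server_program" per enabled risky entry
audit_inetd() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }      # commented-out, blank or malformed line
        {
            svc = $1
            sub(/^.*:/, "", svc)            # some inetds accept "address:service"
            if (svc in bad) print svc, $6   # field 6 is the server program
        }
    ' "$1"
}

# Constructed sample: finger and auth are already commented out, ftp and
# telnet are still live, pop-3 is not on the deny list.
make_sample() {
    cat <<'EOF'
# service sock   proto flags  user    server          args
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
#auth   stream  tcp  wait    root    /usr/sbin/in.identd in.identd -e -o
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
EOF
}

sample=$(mktemp)
make_sample > "$sample"
audit_inetd "$sample"
rm -f "$sample"
```

Pointing `audit_inetd` at the real configuration file gives the list of lines still to comment out; inetd only picks up the change after it receives a SIGHUP, as noted in the thread.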