[ On Monday, February 24, 2003 at 19:36:46 (-0500), Casey Shobe wrote: ]
> Subject: RE: tcpserver
>
> Well, I'm using xinetd as a (hopefully) temporary solution. The security
> issues are my primary concern for not wanting to use it. I prefer to run
> everything as a standalone daemon if possible (i.e. sshd, httpd, xfs, etc.).
> xinetd was easy enough to get working though, and I've currently got Amanda
> working as a client on my server.

I don't know what kind of security you might be talking about, but for
most purposes running one master internet daemon to handle all incoming
service requests actually has a large number of fairly important
security related advantages.

> I also remember seeing a udpserver (based on tcpserver I think) months ago
> somewhere, but I'm not sure of its maturity, and can't seem to find it now.

Maturity? What's that got to do with it? There are fundamental
conceptual problems with trying to do what TCP Wrappers does with a
datagram based server. You have to change your whole way of thinking
about these things when you use connection-oriented services or even
pseudo-connection style UDP servers. Maturity of fundamentally
misconceived ideas doesn't help any. :-)

If you really want to secure amanda then make sure your border firewalls
all block traffic to all the ports where you run Amanda. You could go
one further by building an entirely separate and private subnet with
separate physical interfaces to all your important servers and run
Amanda only on that private network. That's what I do for my clients.

> As mentioned, I've got a working setup now, but would be very interested in
> hearing any possible alternatives to *inetd. The host system is linux.

I have a version of *BSD inetd that's been gone over with a fairly
fine-toothed comb and which may actually be portable enough to build and
work on linux....

-- 
Greg A. Woods

+1 416 218-0098; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; VE3TCP; Secrets of the Weird <[EMAIL PROTECTED]>