[buug] /etc/service

Rick Moen rick at linuxmafia.com
Sun Aug 6 00:01:23 PDT 2000

begin  Zeke Krahlin quotation:

> Another tip from my FreeNetCubs board. Does it sound like a good
> security measure, or too much on the brute-force side?

Neither.  It's a sign that somebody has no idea what the function of the 
/etc/services (not "/etc/service") file is, and is fooling around with
his system without reading relevant documentation.

> (I know Stoddard recommends a similar method for "/etc/indetd.conf".)

_That_ is a different matter entirely.  Zeke, at the risk of being a bit
rude:  Please tell your friends that they cannot expect to improve their
systems by acting on the basis of spurious analogies, without
understanding what the heck they're doing.  Obviously, somebody thought,
hey, this file is called "services"!  Let's comment things out, and that
should have the effect of disabling services.  This is cargo-cult system
administration, Zeke!

Here's a better idea:  Don't touch root-owned system files without
having some idea what the hell you're doing!  Let me say that again:
Don't touch root-owned system files without having some idea what the
hell you're doing!

Right.  Let's say you wanted to understand /etc/services.  What does the
manpage say?

     services is a plain ASCII file providing a mapping between
     friendly textual names for internet  services,  and  their
     underlying assigned port numbers and protocol types.
In other words, /etc/services is a lookup table that (e.g) lets you
(and sundry programs) use the word "telnet" instead of "23" to identify
the TCP port on which that service lives.  And the fact that there's a
line that maps the word "smtp" to TCP port 25 is what allows me to 
hold discussions with my copy of Exim (my system mailer) by typing

    telnet linuxmafia.com smtp

...instead of having to remember what numerical port the SMTP protocol
uses, and thus having to type

    telnet linuxmafia.com 25

So, it should be readily apparent that you will accomplish nothing
worthwhile -- nada, zip, rien du tout -- by commenting out lines of this 
lookup table.  All you're doing is shooting yourself in the foot, and
making your system less usable.  What you are _not_ doing is adding to
security in any way, since the numerical ports either have services 
running on them or not, depending on other system configuration details

Cheers,                              "Open your present...."
Rick Moen                            "No, you open your present...."
rick (at) linuxmafia.com             Kaczinski Christmas.
               --  Unabomber Haiku Contest, CyberLaw mailing list

More information about the buug mailing list