ucspi-tcp or xinetd

Alexander E. Patrakov semzx at newmail.ru
Tue Jun 10 22:00:42 PDT 2003


On Wednesday 11 June 2003 10:41, Domitianus Prima Prayudi wrote:
> I'm beginner and in the process of setting up my LFS box to become my
> first experimental server.

Not a bad intention.

> Now i'm using qmail as my MTA and proftpd as my ftp daemon can anybody
> explain which one is better ucspi-tcp or xinetd, and how make them
> (qmail and proftpd) as secure as possible?

qmail is very secure by default. It's also very rigid without tons of patches. 
I can even say that it is configured by means of patches. Although I run it 
on my server, my next server will probably run something else. Maybe Postfix, 
although I have not tried it. And I really don't recommend using qmail on 
your server.

As for the ftp daemon, I received a directive from my boss: don't install it 
(and I agree). It can be replaced by the http daemon (for downloading) and 
sshd (for uploading files via sftp). Your opinion may be different.

As for ucspi-tcp vs xinetd: I really don't know. You may install both. It is 
recommended to run qmail from tcpserver (part of ucspi-tcp), but if you need 
some IPC services, you probably need xinetd. On my server, there is no 
xinetd.

You may also consider using stunnel to require the connections to your SMTP 
and POP3 servers to be made via SSL. I do so.

> One more thing, I have difficulties in configuring Linux-PAM (0.76), but
> my shadowpassword running well, does anyone could tell me where can I find
> good documentation about PAM ?

In the PAM source tarball. BTW, 0.76 it is not the latest version. And do you 
really need PAM?

> Thanks for the attention, and sorry for my bad english ...
Please post replies to blfs-support at linuxfromscratch.org since your mail 
contains a support question, not a security hole announcement.

-- 
Alexander E. Patrakov

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list