Feb ?? ??:??:?? ?????????? inetd[???]: execv /usr/sbin/in.identd: Permission denied
Why do I get this? Is this a result of someone probing my machine or
something else? Is it cause for concern?
Thanks,
John Marasco
IDENT is used to find out who on a timesharing system initiated a
connection. Many servers (especially SMTP servers) log this information,
so they make a connection back to the client system's IDENT port.
You're probably getting the error message because your in.identd binary
doesn't have execute permission. If you don't want to run the IDENT
service you should comment it out of /etc/inetd.conf rather than changing
the permissions.
--
Barry Margolin, bar...@bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
Next, how do you go about determining which files in /usr/sbin need to be
run by outside (non-root) processes, and which do not? I set them all to 700
in the hopes of making my computer more secure (I guess that was not too
bright). This computer is only a firewall for my cable modem. I do not get
mail on it, nor do I use it for any mail-related activities. Is there some
sort of known security hole in ident, is someone trying to find an open
port, or is something else entirely going on?
Once again, thanks for the original reply. I really appreciate everyone's
help with this. I just don't want my computer used for any attacks (on me
or anyone else).
Sincerely,
John Marasco
Unless a program is setuid or setgid, no security is gained by restricting
access to it, since it can't do anything the user couldn't do all by
himself. If a program is setuid, you need to check its documentation to
determine if it does something users should be allowed to do. There have
been some occasional screwups, but for the most part the default
permissions on Unix executables are safe.
But if you set it to 700, it should have been executable by root, which is
who should be specified as the user in its inetd.conf entry. The error you
got indicates that either you changed the username in inetd.conf (rather
than just removing the entry?) or you set permissions to 600 or 400.
>bright). This computer is only a firewall for my cable modem. I do not get
>mail on it, nor do I use it for any mail-related activities. Is there some
>sort of known security hole in ident, is someone trying to find an open
>port, or is something else entirely going on?
Is it doing masquerading? Then when the machines behind the firewall make
connections, they appear to be coming from the firewall itself. So when
you send mail, the mail server will try to connect to the ident port on the
firewall.
It could also be a port scan. Cable modem and DSL users are scanned
frequently, since they're always connected.
Barry Margolin <bar...@bbnplanet.com> writes:
>But if you set it to 700, it should have been executable by root, which is
>who should be specified as the user in its inetd.conf entry. The error you
>got indicates that either you changed the username in inetd.conf (rather
>than just removing the entry?) or you set permissions to 600 or 400.
Identd typically doesn't run as root but rather as "sys" or some
other user that's restricted to "just" reading kernel memory.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
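
The mismatch discussed in this thread (the user named in an inetd.conf entry versus the mode of the server binary) can be checked mechanically. The following is an added example, not part of the original posts: the inetd.conf text, the file modes and the group table are constructed, and the binaries are assumed to be owned by root after the "chmod 700".

```python
# Added example: audit inetd.conf entries against binary permissions.
# SAMPLE_CONF, FILES and GROUPS are constructed; on a live host fill FILES
# from os.stat() and GROUPS from the group database.

SAMPLE_CONF = """\
# service socket proto wait user server-program args
ftp    stream tcp nowait root /usr/sbin/in.ftpd   in.ftpd
ident  stream tcp nowait sys  /usr/sbin/in.identd in.identd
#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
time   stream tcp nowait root internal
"""
# path -> (mode, owner, group), as after "chmod 700 /usr/sbin/*" (assumed root-owned)
FILES = {"/usr/sbin/in.ftpd": (0o700, "root", "root"),
         "/usr/sbin/in.identd": (0o700, "root", "root")}
GROUPS = {"root": {"root"}, "sys": {"sys"}}

def can_execute(mode, owner, group, user, user_groups):
    """Unix exec check: exactly one class (owner, group or other) applies."""
    if user == "root":
        return bool(mode & 0o111)  # root still needs at least one x bit
    if user == owner:
        return bool(mode & 0o100)
    if group in user_groups:
        return bool(mode & 0o010)
    return bool(mode & 0o001)

def parse_inetd(text):
    """Yield (line_no, service, user, program) for enabled external services."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # commented-out entries are disabled
        if len(fields) >= 6 and fields[5] != "internal":
            user = fields[4].replace(":", ".").split(".")[0]  # strip optional group
            yield n, fields[0], user, fields[5]

def audit(text, files, groups):
    """Return entries whose configured user would fail execv() on the binary."""
    findings = []
    for n, service, user, program in parse_inetd(text):
        meta = files.get(program)
        if meta is None:
            findings.append((n, service, user, program, "missing"))
        elif not can_execute(*meta, user, groups.get(user, set())):
            findings.append((n, service, user, program, f"mode {meta[0]:04o} denies {user}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, FILES, GROUPS):
        print(finding)
```

With the constructed data, only the ident entry is reported: mode 700 still lets root start in.ftpd, but denies the non-root "sys" user, and a mode of 600 would deny root as well.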