On Apr 18, 2017, at 6:39 PM, Steve Simon <steve@quintile.net> wrote:


On 18 Apr 2017, at 21:23, Stanley Lieber <sl@stanleylieber.com> wrote:



On Apr 18, 2017, at 4:12 PM, Kurt H Maier <khm@sciops.net> wrote:

As it stands, on an unconfigured 9front:

7/tcp   open  echo
9/tcp   open  discard
19/tcp  open  chargen
21/tcp  open  ftp
23/tcp  open  telnet
25/tcp  open  smtp
53/tcp  open  domain
110/tcp open  pop3
113/tcp open  ident
143/tcp open  imap
513/tcp open  login
993/tcp open  imaps
995/tcp open  pop3s


this is super grody.

This, too, is still a problem:


sl


Ah, I am still on the labs distort (sorry) - they used to prefix all the scripts in /rc/bin/service (and /rc/bin/service.auth) with a hash to make it invalid and thus disable that listener. To enable the service, the administrator then has to rename the entries they want to enable.

Perhaps that is different on 9front.

I agree that listen can get over-excited starting server processes - I used to run many services facing the sewer, sorry, internet, and script kiddies could bring listen down by hammering it. I have a distant memory that Erik changed his listen to restrict the number of children (perhaps per service) that it would start.

-Steve

I think all versions of listen do ignore scripts that begin with the ! character, but what we've been talking about here are two different but related problems:

1. Multiple systems sharing one disk who want to run (or not run) a different mix of services.

2. Tracking a sane default set of enabled services in the Mercurial repository.

Aiju's suggestion solves both.

Of course, it's easy to just disable all services by default (as khm and I have asked in the past: why do we enable services that are broken -- without further configuration -- by default?). The net effect of aiju's suggestion is analogous to the way cpurc sources /cfg/$sysname/cpurc: If nothing more specific is found, devolve to the defaults.

sl