Univention Bugzilla – Bug 42109
Remove time protocol / service / ports
Last modified: 2017-04-04 18:28:44 CEST
UCS 4.1 still offers "time" on port 37, started via inetd: > tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN 3928/inetd > tcp6 0 0 :::37 :::* LISTEN 3928/inetd AFAIK "time" is an archaic protocol and has been superseded by ntp (port 137). We should disable the service and close the ports in univention-firewall.
Workaround: update-inetd --remove time
# grep -n -A1 -B1 inetd /var/lib/dpkg/info/univention-role-server-common.postinst 33-if [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt 7.0.15-2; then 34: update-inetd --remove time 35: echo "time stream tcp4 nowait root internal" >> /etc/inetd.conf 36: echo "time stream tcp6 nowait root internal" >> /etc/inetd.conf 37: invoke-rc.d openbsd-inetd restart 38-fi We simply should remove it and the firewall rule - it was explicitly added by Bug #15782 in UCS-2.3
Ok, the current "echo" code was introduced via Bug 25456 (ipv6). Current firewall rules are from Bug 23577. All of this is removed. During updates univention-base-files.postinst unsets security/packetfilter/package/univention-base-files/tcp/37/all if it is still set to the default value of ACCEPT. Package: univention-server Version: 12.0.0-9A~4.2.0.201703091537 Branch: ucs_4.2-0 Package: univention-base-files Version: 6.0.0-9A~4.2.0.201703091554 Branch: ucs_4.2-0 Changelog adjusted.
(In reply to Arvid Requate from comment #3) > Ok, the current "echo" code was introduced via Bug 25456 (ipv6). > > Current firewall rules are from Bug 23577. > > All of this is removed. OK > During updates univention-base-files.postinst unsets > security/packetfilter/package/univention-base-files/tcp/37/all if it is > still set to the default value of ACCEPT. OK > Package: univention-server > Version: 12.0.0-9A~4.2.0.201703091537 > Branch: ucs_4.2-0 OK > Package: univention-base-files > Version: 6.0.0-9A~4.2.0.201703091554 > Branch: ucs_4.2-0 OK > Changelog adjusted. OK
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".