Inetd Configuration Examples

By default, Linux distributions ship with a generous set of daemons enabled in the inetd.conf file. Consider, for instance, the standard /etc/inetd.conf file shipped with the SuSE 7.0 distribution, shown in Listing 4.2. (The comment lines in this /etc/inetd.conf file have been removed for simplicity.)

Listing 4.2 A typical default /etc/inetd.conf file

[ramon]$ grep -v "^#" /etc/inetd.conf
time       stream  tcp  nowait        root    internal
time       dgram   udp  wait          root    internal
ftp        stream  tcp  nowait        root    /usr/sbin/tcpd   in.ftpd
telnet     stream  tcp  nowait        root    /usr/sbin/tcpd   in.telnetd
shell      stream  tcp  nowait        root    /usr/sbin/tcpd   in.rshd -L
login      stream  tcp  nowait        root    /usr/sbin/tcpd   in.rlogind
talk       dgram   udp  wait          root    /usr/sbin/tcpd   in.talkd
ntalk      dgram   udp  wait          root    /usr/sbin/tcpd   in.talkd
pop3       stream  tcp  nowait        root    /usr/sbin/tcpd   /usr/sbin/popper -s
finger     stream  tcp  nowait        nobody  /usr/sbin/tcpd   in.fingerd -w
http-rman  stream  tcp  nowait.10000  nobody  /usr/sbin/tcpd   /usr/sbin/http-rman
swat       stream  tcp  nowait.400    root    /usr/sbin/swat   swat

The system administrator has some work to do on this file. First of all, very few Linux servers need to provide time services, and the talk/ntalk services are of questionable use for most of today's server installations. The same applies to the finger service. The POP3 daemon should only be present if your server is meant to house user mailboxes, and I recommend that such a server be dedicated exclusively to that purpose.

Both the shell and login services are RPC-based daemons, and, along with the telnet and ftp services, they should be replaced with a secure equivalent, like Secure Shell (ssh). The ssh application is discussed in detail in Chapter 12, "Virtual Private Networking."

http-rman is a tool that converts Linux man-format manual pages to HTML on the fly for real-time perusal via a Web server. Finally, the swat service is the Samba Web Administration Tool (SWAT). If you have a legitimate need for either of these services, be sure that TCP Wrappers is properly configured to restrict their access to only authorized clients. Make sure you see the following response from this grep command:

[ramon]$ grep http-rman /etc/hosts.allow
http-rman : ALL EXCEPT LOCAL

The syntax of the /etc/hosts.[allow|deny] file is described in the "TCP Wrappers" section later in this chapter.
