Tuning the Individual Services

For generic options that you want to apply to all services, the configuration file /etc/xinetd.conf is the best place to put them. Every service needs some configuration as well. If a service has its own configuration file in /etc/xinetd.d, the settings in this file will always overwrite the settings in /etc/xinetd.conf, if there's a conflict. In addition, every service needs some specific configuration options. The most important setting in these configuration files is the option disabled = yes, which is on by default. Since it is on by default, the service will not run until you remove this option or change it to disabled = no. In Listing 19-3 you can see what the configuration file for the systat service looks like.

Listing 19-3. Default Configuration File for the systat Service

# Finger, systat and netstat give out user information which may be

# valuable to potential "system crackers." Many sites choose to disable

# some or all of these services to improve security.

# Try "telnet localhost systat" and "telnet localhost netstat" to see that

# information yourself!

service systat {

disable = yes socket_type = stream protocol = tcp wait = no user = nobody server = /bin/ps server_args = -auwwx

Most options in this configuration file are the same as the options you've already seen for managing xinetd with YaST, so I won't go through them again. The only difference is the disable = yes option, which wasn't visible like this in YaST. I recommend keeping it that way, because systat really is something you don't want to be available on a modern network where security is a serious issue!

Was this article helpful?

0 0

Post a comment