Inetd

This is the Internet daemon which runs various services on demand when requests are detected on well-known ports.

/etc/inetd.conf:

You may want to disallow any services that you don't need. Examples are the finger, cfinger, etc. suite of utilities.

Probably should turn on one or other of the mail services (either pop-2 and pop-3 or imap), depending on which one you want to use.

The Web-based linux configuration program, linuxconf, may be useful.

As a general rule, do not run any service from inetd that has a service number greater than 1023 in /etc/services.

Here is a sample inetd.conf:

     #
     # inetd.conf     This file describes the services that will be available
     #          through the INETD TCP/IP super server.  To re-configure
     #          the running INETD process, edit this file, then send the
     #          INETD process a SIGHUP signal.
     #
      Version:     @()/etc/inetd.conf     3.10     05/27/93
     #
     # Authors:     Original taken from BSD UNIX 4.3/TAHOE.
     #          Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
     #
     # Modified for Debian Linux by Ian A. Murdock <imurdock@shell.portal.com>
     #
     # Modified for RHS Linux by Marc Ewing <marc@redhat.com>
     #
     # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
     #
     # Echo, discard, daytime, and chargen are used primarily for testing.
     #
     # To re-read this file after changes, just do a 'killall -HUP inetd'
     #
     echo      stream   tcp   nowait   root        internal
     echo      dgram    udp   wait     root        internal
     discard   stream   tcp   nowait   root        internal
     discard   dgram    udp   wait     root        internal
     daytime   stream   tcp   nowait   root        internal
     daytime   dgram    udp   wait     root        internal
     chargen   stream   tcp   nowait   root        internal
     chargen   dgram    udp   wait     root        internal
     time      stream   tcp   nowait   root        internal
     time      dgram    udp   wait     root        internal
     #
     # These are standard services.
     #
     ftp       stream   tcp   nowait   root        /usr/sbin/tcpd in.ftpd -l -a
     telnet    stream   tcp   nowait   root        /usr/sbin/tcpd in.telnetd
     #
     # Shell, login, exec, comsat and talk are BSD protocols.
     #
     shell     stream   tcp   nowait   root        /usr/sbin/tcpd in.rshd
     login     stream   tcp   nowait   root        /usr/sbin/tcpd in.rlogind
     #exec     stream   tcp   nowait   root        /usr/sbin/tcpd in.rexecd
     #comsat   dgram    udp   wait     root        /usr/sbin/tcpd in.comsat
     #talk     dgram    udp   wait     nobody.tty  /usr/sbin/tcpd in.talkd
     #ntalk    dgram    udp   wait     nobody.tty  /usr/sbin/tcpd in.ntalkd
     #dtalk    stream   tcp   wait     nobody.tty  /usr/sbin/tcpd in.dtalkd
     #
     # Pop and imap mail services et al
     #
     pop-2     stream   tcp   nowait   root        /usr/sbin/tcpd ipop2d
     pop-3     stream   tcp   nowait   root        /usr/sbin/tcpd ipop3d
     #imap     stream   tcp   nowait   root        /usr/sbin/tcpd imapd
     #
     # The Internet UUCP service.
     #
     #uucp     stream   tcp   nowait   uucp        /usr/sbin/tcpd \
     #                                               /usr/lib/uucp/uucico -l
     #
     # Tftp service is provided primarily for booting.  Most sites run this
     # only on machines acting as "boot servers." Do not uncomment this
     # unless you need it.
     #
     #tftp     dgram    udp   wait     root        /usr/sbin/tcpd in.tftpd
     #bootps   dgram    udp   wait     root        /usr/sbin/tcpd bootpd
     #
     # Finger, systat and netstat give out user information which may be
     # valuable to potential "system crackers."  Many sites choose to disable
     # some or all of these services to improve security.
     #
     #finger   stream   tcp   nowait   nobody      /usr/sbin/tcpd in.fingerd
     #cfinger  stream   tcp   nowait   root        /usr/sbin/tcpd in.cfingerd
     #systat   stream   tcp   nowait   guest       /usr/sbin/tcpd /bin/ps -auwwx
     #netstat  stream   tcp   nowait   guest       /usr/sbin/tcpd \
     #                                                 /bin/netstat -f inet
     #
     # Authentication
     #
     auth      stream   tcp   wait     root        /usr/sbin/in.identd \
                                                     in.identd -e -o
     #
     # Linux configuration via HTTP.
     #
     linuxconf stream   tcp   wait     root        /bin/linuxconf linuxconf --http
     #
     # Rsync server.
     #
     rsync     stream   tcp   nowait   root        /usr/bin/rsync rsync --daemon
     #
     # End of inetd.conf