authorpst <pst@FreeBSD.org>1996-10-02 03:52:58 +0000
committerpst <pst@FreeBSD.org>1996-10-02 03:52:58 +0000
commit3a785907a312e66787aed7938e8814bf53c44477 (patch)
tree3bd984b39626fefca3dcd8ff6310efe93e0de406 /etc/inetd.conf
parent34e1d6fb5491a148dc01108ed694da08415fae7f (diff)
In the brave new world, that that does not make us strong, kills us.
Turn OFF the "small servers" by default. FreeBSD systems should only serve actively used programs. Jewels like chargen and echo are too useful in attack scenarios.
Diffstat (limited to 'etc/inetd.conf')
-rw-r--r--etc/inetd.conf66
1 files changed, 38 insertions, 28 deletions
diff --git a/etc/inetd.conf b/etc/inetd.conf
index 23341e8..e79ee14 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -7,45 +7,55 @@ ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
shell stream tcp nowait root /usr/libexec/rshd rshd
login stream tcp nowait root /usr/libexec/rlogind rlogind
+finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -s
#exec stream tcp nowait root /usr/libexec/rexecd rexecd
-uucpd stream tcp nowait root /usr/libexec/uucpd uucpd
+#uucpd stream tcp nowait root /usr/libexec/uucpd uucpd
#nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd
-finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -s
-#tftp dgram udp wait nobody /usr/libexec/tftpd tftpd /tftpboot
comsat dgram udp wait root /usr/libexec/comsat comsat
-#talk dgram udp wait root /usr/old/talkd talkd
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
-#ident stream tcp wait root /usr/local/sbin/identd identd -w -t120
-echo stream tcp nowait root internal
-discard stream tcp nowait root internal
-#bootps dgram udp wait root /usr/libexec/bootpd bootpd /etc/bootptab
-chargen stream tcp nowait root internal
-daytime stream tcp nowait root internal
-time stream tcp nowait root internal
+#tftp dgram udp wait nobody /usr/libexec/tftpd tftpd /tftpboot
+#bootps dgram udp wait root /usr/libexec/bootpd bootpd
+#
+# "Small servers" -- used to be standard on, but we're more conservative
+# about things due to Internet security concerns. Only turn on what you
+# need.
+#
+#daytime stream tcp nowait root internal
+#daytime dgram udp wait root internal
+#time stream tcp nowait root internal
+#time dgram udp wait root internal
+#echo stream tcp nowait root internal
#echo dgram udp wait root internal
-discard dgram udp wait root internal
-#chargen dgram udp wait root internal
-#daytime dgram udp wait root internal
-#time dgram udp wait root internal
+#discard stream tcp nowait root internal
+#discard dgram udp wait root internal
+#chargen stream tcp nowait root internal
+#chargen dgram udp wait root internal
+#
# Kerberos authenticated services
+#
klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x
kshell stream tcp nowait root /usr/libexec/rshd rshd -k
rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd
+#
# Services run ONLY on the Kerberos server
-# Neither of these work in FreeBSD 1.x.
+#
#krbupdate stream tcp nowait root /usr/libexec/registerd registerd
-#kpasswd stream tcp nowait root /usr/libexec/kpasswdd kpasswdd
-#
-# RPC based services
-# You MUST have portmapper running to use these!
-#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
-#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
-#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
-#pcnfsd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.pcnfsd rpc.pcnfsd
-#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
-#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
-#
-# example entry for the pop3 server
+#kpasswd stream tcp nowait root /usr/libexec/kpasswdd kpasswdd
+#
+# RPC based services (you MUST have portmapper running to use these)
+#
+#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
+#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
+#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
+#pcnfsd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.pcnfsd rpc.pcnfsd
+#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
+#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
+#
+# example entry for the optional pop3 server
+#
#pop3 stream tcp nowait root /usr/local/libexec/popper popper
#
+# example entry for the optional ident server
+#
+#ident stream tcp wait root /usr/local/sbin/identd identd -w -t120
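Review bot: The moved `finger` entry, and the unchanged `telnet`, `shell` and `login` context lines at the top of the hunk, stay enabled by default, so the new "Only turn on what you need" comment covers the internal small servers and uucpd but not these. As far as I know, fingerd still answers per-user queries with account and login details even with `-s`, and rshd/rlogind run as root and rely on address-based trust. If they are meant to stay on by default, a short comment above them saying why would help; otherwise `#finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -s` would match the stated intent. Separately, the re-added `#bootps` line drops the `/etc/bootptab` argument that the removed line carried, and the commit message does not mention it; please confirm that is intentional.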