# /etc/inetd.conf - "inetd" configuration file # License: BSD-style [for this file only] # Revision: 070818 #--------------------------------------------------------------------- # This file defines a set of Internet services to be supported by the # "inetd" daemon. Entries should be commented-out except where the # services are actually needed. #--------------------------------------------------------------------- # If you make changes to this file, either reboot your machine or send # "inetd" a HUP signal: # # killall -1 inetd # # "inetd" will re-read this file when it gets the signal. #--------------------------------------------------------------------- # Entry format: Examples: # # service_name ftp or nntp # sock_type stream or dgram # protocol tcp or udp # flags wait or nowait # user root or news # server_path (see below) # arguments (see below) # "server_path" may specify "/usr/sbin/tcpd" (the TCP Wrappers server) # or a real server (e.g., "/usr/sbin/in.bootpd"). # If "server_path" specifies the TCP Wrappers server, "arguments" will # be a name or pathname for a real server, followed by command-line # arguments (if any) for the real server. # If "server_path" specifies a real server, "arguments" will specify # command-line arguments (if any) for the "real" server. # Note: The entry format is slightly different for Sun RPC services. # For more information, see the Sun RPC section. #--------------------------------------------------------------------- # These eight entries should normally be commented out. They're used # primarily for debugging purposes. Additionally, they're potentially # risky from a security perspective. # echo stream tcp nowait root internal # echo dgram udp wait root internal # discard stream tcp nowait root internal # discard dgram udp wait root internal # daytime stream tcp nowait root internal # daytime dgram udp wait root internal # chargen stream tcp nowait root internal # chargen dgram udp wait root internal #--------------------------------------------------------------------- # Some standard services: # time stream tcp nowait root internal # time dgram udp wait root internal # telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/vsftpd #--------------------------------------------------------------------- # If you need to check up on "telnet" users, use this: # # telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetsnoopd #--------------------------------------------------------------------- # This is for standard NNTP: # # nntp stream tcp nowait root /usr/sbin/tcpd in.nntpd # If you want to read NNTP news via TERM, comment-out preceding "nntp" # entry. After TERM connection is running, use commands similar to the # following: # # set NNTPSERVER my.nntp.host # export NNTPSERVER # tredir 119 my.nntp.host:119 #--------------------------------------------------------------------- # This section contains entries for E-mail-related protocols. # Note: The "sendmail" entry here is for BSD sendmail, and the "rsmtp" # entry is for Smail. Don't uncomment more than one of these two SMTP # lines. # pop2 stream tcp nowait root /usr/sbin/tcpd in.pop2d # pop3 stream tcp nowait root /usr/sbin/tcpd in.pop3d # imap2 stream tcp nowait root /usr/sbin/tcpd imapd # smtp stream tcp nowait root /usr/sbin/tcpd sendmail -v # smtp stream tcp nowait root /usr/sbin/tcpd /usr/bin/rsmtp -bs #--------------------------------------------------------------------- # Miscellaneous protocols: # comsat dgram udp wait root /usr/sbin/tcpd in.comsat # shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L # login stream tcp nowait root /usr/sbin/tcpd in.rlogind # exec stream tcp nowait root /usr/sbin/tcpd in.rexecd # talk dgram udp wait root /usr/sbin/tcpd in.talkd # ntalk dgram udp wait root /usr/sbin/tcpd in.talkd # uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l # write stream tcp nowait root /usr/sbin/tcpd in.writed # Note: The "comsat" daemon notifies the user of new mail if "biff" is # enabled. #--------------------------------------------------------------------- # Kerberos-authenticated services: # # klogin stream tcp nowait root /usr/sbin/tcpd rlogind -k # eklogin stream tcp nowait root /usr/sbin/tcpd rlogind -k -x # kshell stream tcp nowait root /usr/sbin/tcpd rshd -k # Services that run _only_ on a Kerberos server: # # krbupdate stream tcp nowait root /usr/sbin/tcpd registerd # kpasswd stream tcp nowait root /usr/sbin/tcpd kpasswdd #--------------------------------------------------------------------- # TFTP is used primarily for booting. Most sites run this only on # machines acting as "boot servers". # tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd # bootps dgram udp wait root /usr/sbin/tcpd in.bootpd #--------------------------------------------------------------------- # Finger, systat, and netstat give out user information that may be # valuable to "system crackers". Many sites choose to disable some or # all of these services to improve security. # Note: To see some of this information yourself, try: # # telnet localhost systat # and # telnet localhost netstat # finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd # systat stream tcp nowait nobody /usr/sbin/tcpd /bin/ps -auwwx # netstat stream tcp nowait root /usr/sbin/tcpd /bin/netstat -a # IDENT is used for authentication: # # auth stream tcp wait nobody /usr/sbin/tcpd in.identd -w -t120 # An alternative IDENT entry that uses "bsidentd": # # auth stream tcp nowait nobody /usr/sbin/tcpd /usr/prod/bsidentd/sbin/bsidentd #--------------------------------------------------------------------- # These entries are for Samba, an SMB server: # # netbios-ssn stream tcp nowait root /usr/sbin/tcpd smbd # netbios-ns dgram udp wait root /usr/sbin/tcpd nmbd #--------------------------------------------------------------------- # Sun-RPC based services: # # rstatd/1-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rstatd # rusersd/2-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rusersd # walld/1 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rwalld # Note that these entries use a slightly-different entry format: # # service-name slash version # sock_type # "rpc" slash protocol # flags # user # server_path # arguments # End of inetd.conf.