Hello all,
I am trying to make darn sure my Fuel is secure as my port 80 is open to http calls. I have been reading documentation about inetd.conf but am afraid to shut down some of these services. Do any of you have services in inetd.conf commented out? Below is my current inetd.conf file. I uncomment the bootp and tftpd lines when I am net booting. Any insight is appreciated.
I am trying to make darn sure my Fuel is secure as my port 80 is open to http calls. I have been reading documentation about inetd.conf but am afraid to shut down some of these services. Do any of you have services in inetd.conf commented out? Below is my current inetd.conf file. I uncomment the bootp and tftpd lines when I am net booting. Any insight is appreciated.
Code:
ftp stream tcp nowait root /usr/etc/ftpd ftpd -l
telnet stream tcp nowait root /usr/etc/telnetd telnetd
shell stream tcp nowait root /usr/etc/rshd rshd -L
login stream tcp nowait root /usr/etc/rlogind rlogind
exec stream tcp nowait root /usr/etc/rexecd rexecd
finger stream tcp nowait guest /usr/etc/fingerd fingerd -L
# http stream tcp nowait nobody ?/var/www/server/httpd httpd
# wn-http stream tcp nowait nobody ?/var/www/server/wn-httpd -f /var/www/conf/httpd.conf
sgi-dgl stream tcp nowait root/rcv /usr/etc/dgld dgld -IM -tDGLTSOCKET
ftp stream tcp6 nowait root /usr/etc/ftpd ftpd -l
telnet stream tcp6 nowait root /usr/etc/telnetd telnetd
shell stream tcp6 nowait root /usr/etc/rshd rshd -L
login stream tcp6 nowait root /usr/etc/rlogind rlogind
finger stream tcp6 nowait guest /usr/etc/fingerd fingerd -S
#bootp dgram udp wait root /usr/etc/bootp bootp
#bootp dgram udp wait root /usr/etc/dhcp_bootp dhcp_bootp -o /etc/config/dhcp_bootp.options
#tftp dgram udp wait guest /usr/etc/tftpd tftpd
ntalk dgram udp wait root /usr/etc/talkd talkd
tftp dgram udp6 wait guest /usr/etc/tftpd tftpd
#-s /usr/local/boot /usr/etc/boot
tcpmux stream tcp nowait root internal
echo stream tcp nowait root internal
discard stream tcp nowait root internal
chargen stream tcp nowait root internal
daytime stream tcp nowait root internal
time stream tcp nowait root internal
echo stream tcp6 nowait root internal
discard stream tcp6 nowait root internal
chargen stream tcp6 nowait root internal
daytime stream tcp6 nowait root internal
time stream tcp6 nowait root internal
echo dgram udp wait root internal
discard dgram udp wait root internal
chargen dgram udp wait root internal
daytime dgram udp wait root internal
time dgram udp wait root internal
echo dgram udp6 wait root internal
discard dgram udp6 wait root internal
chargen dgram udp6 wait root internal
daytime dgram udp6 wait root internal
time dgram udp6 wait root internal
#uucp stream tcp nowait root /usr/lib/uucp/uucpd uucpd
#
# RPC-based services
# These use the portmapper instead of /etc/services.
#
rstatd/1-3 dgram rpc/udp wait root /usr/etc/rpc.rstatd rstatd
walld/1 dgram rpc/udp wait root /usr/etc/rpc.rwalld rwalld
rusersd/1 dgram rpc/udp wait root /usr/etc/rpc.rusersd rusersd
rquotad/1 dgram rpc/udp wait root /usr/etc/rpc.rquotad rquotad
sprayd/1 dgram rpc/udp wait root /usr/etc/rpc.sprayd sprayd
#bootparam/1 dgram rpc/udp wait root /usr/etc/rpc.bootparamd bootparam
#ypupdated and rexd are somewhat insecure, and not really necessary
#ypupdated/1 stream rpc/tcp wait root /usr/etc/rpc.ypupdated ypupdated
#rexd/1 stream rpc/tcp wait root /usr/etc/rpc.rexd rexd
sgi_videod/1 stream rpc/tcp wait root ?/usr/etc/videod videod
sgi_fam/1-2 stream rpc/tcp wait/lc root ?/usr/etc/fam updated
#rexd/1 stream rpc/tcp wait root /usr/etc/rpc.rexd rexd
sgi_videod/1 stream rpc/tcp wait root ?/usr/etc/videod videod
sgi_fam/1-2 stream rpc/tcp wait/lc root ?/usr/etc/fam updated
#rexd/1 stream rpc/tcp wait root /usr/etc/rpc.rexd rexd
sgi_videod/1 stream rpc/tcp wait root ?/usr/etc/videod videod
sgi_fam/1-2 stream rpc/tcp wait/lc root ?/usr/etc/fam fam
#sgi_toolkitbus/1 stream rpc/tcp wait root/rcv /usr/etc/rpc.toolkitbus toolkitbusd
sgi_snoopd/1 stream rpc/tcp wait root ?/usr/etc/rpc.snoopd snoopd
sgi_pcsd/1 dgram rpc/udp wait root ?/usr/etc/cvpcsd pcsd
sgi_pod/1 stream rpc/tcp wait root ?/usr/etc/podd podd
sgi_xfsmd/1 stream rpc/tcp wait root ?/usr/etc/xfsmd xfsmd
sgi_espd/1 stream rpc/tcp wait root ?/usr/etc/rpc.espd espd
sgi-esphttp stream tcp wait root /usr/etc/esphttpd esphttpd -u300
# ToolTalk Database Server
ttdbserverd/1 stream rpc/tcp wait root ?/usr/etc/rpc.ttdbserverd rpc.ttdbserverd
#
# TCPMUX based services
#
# Impressario network scanning support
tcpmux/sgi_scanner stream tcp nowait root ?/usr/lib/scan/net/scannerd scannerd
# Printer daemon for passing client requests to lpsched
tcpmux/sgi_printer stream tcp nowait root ?/usr/lib/print/printerd printerd
# System administration server
tcpmux/sgi_sysadm stream tcp nowait root ?/usr/sysadm/bin/sysadmd sysadmd
#SGI DMF Distributed Command Feature dmusrcmd service
tcpmux/sgi_dmusrcmd stream tcp nowait root ?/usr/etc/dmusrcmd /usr/etc/dmusrcmd
[/code]
telnet stream tcp nowait root /usr/etc/telnetd telnetd
shell stream tcp nowait root /usr/etc/rshd rshd -L
login stream tcp nowait root /usr/etc/rlogind rlogind
exec stream tcp nowait root /usr/etc/rexecd rexecd
finger stream tcp nowait guest /usr/etc/fingerd fingerd -L
# http stream tcp nowait nobody ?/var/www/server/httpd httpd
# wn-http stream tcp nowait nobody ?/var/www/server/wn-httpd -f /var/www/conf/httpd.conf
sgi-dgl stream tcp nowait root/rcv /usr/etc/dgld dgld -IM -tDGLTSOCKET
ftp stream tcp6 nowait root /usr/etc/ftpd ftpd -l
telnet stream tcp6 nowait root /usr/etc/telnetd telnetd
shell stream tcp6 nowait root /usr/etc/rshd rshd -L
login stream tcp6 nowait root /usr/etc/rlogind rlogind
finger stream tcp6 nowait guest /usr/etc/fingerd fingerd -S
#bootp dgram udp wait root /usr/etc/bootp bootp
#bootp dgram udp wait root /usr/etc/dhcp_bootp dhcp_bootp -o /etc/config/dhcp_bootp.options
#tftp dgram udp wait guest /usr/etc/tftpd tftpd
ntalk dgram udp wait root /usr/etc/talkd talkd
tftp dgram udp6 wait guest /usr/etc/tftpd tftpd
#-s /usr/local/boot /usr/etc/boot
tcpmux stream tcp nowait root internal
echo stream tcp nowait root internal
discard stream tcp nowait root internal
chargen stream tcp nowait root internal
daytime stream tcp nowait root internal
time stream tcp nowait root internal
echo stream tcp6 nowait root internal
discard stream tcp6 nowait root internal
chargen stream tcp6 nowait root internal
daytime stream tcp6 nowait root internal
time stream tcp6 nowait root internal
echo dgram udp wait root internal
discard dgram udp wait root internal
chargen dgram udp wait root internal
daytime dgram udp wait root internal
time dgram udp wait root internal
echo dgram udp6 wait root internal
discard dgram udp6 wait root internal
chargen dgram udp6 wait root internal
daytime dgram udp6 wait root internal
time dgram udp6 wait root internal
#uucp stream tcp nowait root /usr/lib/uucp/uucpd uucpd
#
# RPC-based services
# These use the portmapper instead of /etc/services.
#
rstatd/1-3 dgram rpc/udp wait root /usr/etc/rpc.rstatd rstatd
walld/1 dgram rpc/udp wait root /usr/etc/rpc.rwalld rwalld
rusersd/1 dgram rpc/udp wait root /usr/etc/rpc.rusersd rusersd
rquotad/1 dgram rpc/udp wait root /usr/etc/rpc.rquotad rquotad
sprayd/1 dgram rpc/udp wait root /usr/etc/rpc.sprayd sprayd
#bootparam/1 dgram rpc/udp wait root /usr/etc/rpc.bootparamd bootparam
#ypupdated and rexd are somewhat insecure, and not really necessary
#ypupdated/1 stream rpc/tcp wait root /usr/etc/rpc.ypupdated ypupdated
#rexd/1 stream rpc/tcp wait root /usr/etc/rpc.rexd rexd
sgi_videod/1 stream rpc/tcp wait root ?/usr/etc/videod videod
sgi_fam/1-2 stream rpc/tcp wait/lc root ?/usr/etc/fam updated
#rexd/1 stream rpc/tcp wait root /usr/etc/rpc.rexd rexd
sgi_videod/1 stream rpc/tcp wait root ?/usr/etc/videod videod
sgi_fam/1-2 stream rpc/tcp wait/lc root ?/usr/etc/fam updated
#rexd/1 stream rpc/tcp wait root /usr/etc/rpc.rexd rexd
sgi_videod/1 stream rpc/tcp wait root ?/usr/etc/videod videod
sgi_fam/1-2 stream rpc/tcp wait/lc root ?/usr/etc/fam fam
#sgi_toolkitbus/1 stream rpc/tcp wait root/rcv /usr/etc/rpc.toolkitbus toolkitbusd
sgi_snoopd/1 stream rpc/tcp wait root ?/usr/etc/rpc.snoopd snoopd
sgi_pcsd/1 dgram rpc/udp wait root ?/usr/etc/cvpcsd pcsd
sgi_pod/1 stream rpc/tcp wait root ?/usr/etc/podd podd
sgi_xfsmd/1 stream rpc/tcp wait root ?/usr/etc/xfsmd xfsmd
sgi_espd/1 stream rpc/tcp wait root ?/usr/etc/rpc.espd espd
sgi-esphttp stream tcp wait root /usr/etc/esphttpd esphttpd -u300
# ToolTalk Database Server
ttdbserverd/1 stream rpc/tcp wait root ?/usr/etc/rpc.ttdbserverd rpc.ttdbserverd
#
# TCPMUX based services
#
# Impressario network scanning support
tcpmux/sgi_scanner stream tcp nowait root ?/usr/lib/scan/net/scannerd scannerd
# Printer daemon for passing client requests to lpsched
tcpmux/sgi_printer stream tcp nowait root ?/usr/lib/print/printerd printerd
# System administration server
tcpmux/sgi_sysadm stream tcp nowait root ?/usr/sysadm/bin/sysadmd sysadmd
#SGI DMF Distributed Command Feature dmusrcmd service
tcpmux/sgi_dmusrcmd stream tcp nowait root ?/usr/etc/dmusrcmd /usr/etc/dmusrcmd
