General System Security
Step 1
Change the permissions on this file to 600.
[root@deep /]# chmod 600 /etc/inetd.conf
Step 2
ENSURE that the owner is root.
[root@deep /]# stat /etc/inetd.conf
File: "/etc/inetd.conf"
Size: 2869 Filetype: Regular File
Mode: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Device: 8,6 Inode: 18219 Links: 1
Access: Wed Sep 22 16:24:16 1999(00000.00:10:44)
Modify: Mon Sep 20 10:22:44 1999(00002.06:12:16)
Change: Mon Sep 20 10:22:44 1999(00002.06:12:16)
Step 3
Edit the inetd.conf file (vi /etc/inetd.conf) and disable services such as
ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, etc. unless you plan to
use them. A service that is turned off is much less of a risk.
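The following script is an added example, not part of the original text. It audits the result of Steps 1 to 3 by checking the file's mode and owner and reporting any of the services named above that are still enabled. The function names and the sample file are constructed for illustration, and it assumes GNU stat as shipped on Linux.

```shell
#!/bin/sh
# Added example: audit an inetd.conf after Steps 1 to 3.
# Services the text lists as candidates for disabling.
RISKY="ftp telnet shell login exec talk ntalk imap pop-2 pop-3 finger auth"

# Print the service name of every entry that is still enabled
# (first field does not start with '#'). A valid entry has >= 6 fields.
active_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# Print the enabled services that appear in the RISKY list.
risky_services() {
    for svc in $(active_services "$1"); do
        case " $RISKY " in *" $svc "*) echo "$svc" ;; esac
    done
}

# Succeed only if FILE has mode 600 and is owned by uid OWNER (default 0, root).
check_perms() {
    [ "$(stat -c '%a %u' "$1")" = "600 ${2:-0}" ]
}

# Full audit: returns 0 only when permissions are right and nothing risky is on.
audit_inetd_conf() {
    rc=0
    check_perms "$1" "${2:-0}" || { echo "FAIL: mode/owner of $1"; rc=1; }
    for svc in $(risky_services "$1"); do
        echo "FAIL: $svc is still enabled"; rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Constructed sample (not a real system file): telnet was left enabled.
make_sample() {
    f=$(mktemp) && chmod 600 "$f" && cat > "$f" <<'EOF' && echo "$f"
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
#shell  stream tcp nowait root /usr/sbin/tcpd in.rshd
EOF
}

# Demo on the sample; the owner is the current uid because the file is a temp copy.
sample=$(make_sample)
audit_inetd_conf "$sample" "$(id -u)" || true   # reports telnet
rm -f "$sample"
```

On a real system, run `audit_inetd_conf /etc/inetd.conf` as root so the default owner check (uid 0) applies.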
# To re-read this file after changes, just do a ‘killall -HUP inetd’
#
#echo stream tcp nowait root internal
#echo dgram udp wait root internal
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#daytime stream tcp nowait root internal
#daytime dgram udp wait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
#time stream tcp nowait root internal
#time dgram udp wait root internal
#
# These are standard services.
#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#
# Shell, login, exec, comsat and talk are BSD protocols.
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd
#login stream tcp nowait root /usr/sbin/tcpd in.rlogind
#exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
#comsat dgram udp wait
#talk dgram udp wait
#ntalk dgram udp wait
#dtalk stream tcp wait
#
# Pop and imap mail services et al
#