<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2014.210" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2><BR>
<P><A name=A></A><IMG height=15
src="http://www.enteract.com/~lspitz/ybullet.gif" width=20><B><FONT
face="Courier New,Courier"><FONT size=+1>Example A</FONT></FONT></B> <BR><FONT
face="Courier New,Courier">This is an example of the /etc/inetd.conf file.
Notice how everything is commented out except for ftp and telnetd.</FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># inetd.conf This
file describes the services that will be available</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT
size=-1>#
through the INETD TCP/IP super server. To re-configure</FONT></FONT>
<BR><FONT face="Courier New,Courier"><FONT
size=-1>#
the running INETD process, edit this file, then send the</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT
size=-1>#
INETD process a SIGHUP signal.</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#
Version:
@(#)/etc/inetd.conf 3.10
05/27/93</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT size=-1>#
Authors: Original taken from BSD UNIX
4.3/TAHOE.</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#
Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org></FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Modified for Debian Linux by Ian A.
Murdock <imurdock@shell.portal.com></FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Modified for RHS Linux by Marc Ewing
<marc@redhat.com></FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT size=-1>#
<service_name> <sock_type> <proto> <flags> <user>
<server_path> <args></FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Echo, discard, daytime, and chargen
are used primarily for testing.</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># To re-read this file after changes,
just do a 'killall -HUP inetd'</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#echo stream
tcp nowait root
internal</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#echo dgram udp
wait root internal</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT
size=-1>#discard stream
tcp nowait root
internal</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#discard dgram
udp wait root
internal</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#daytime stream
tcp nowait root
internal</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#daytime dgram
udp wait root
internal</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#chargen stream
tcp nowait root
internal</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#chargen dgram
udp wait root
internal</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT size=-1>#
These are standard services.</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>ftp
stream tcp nowait root
/usr/sbin/tcpd in.ftpd -l -L -i -o</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>telnet stream
tcp nowait root
/usr/sbin/tcpd in.telnetd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#gopher stream
tcp nowait root
/usr/sbin/tcpd gn</FONT></FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1># do not uncomment smtp unless
you *really* know what you are doing.</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># smtp is handled by the sendmail
daemon now, not smtpd. It does NOT</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># run from here, it is started at boot
time from /etc/rc.d/rc#.d.</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#smtp stream
tcp nowait root
/usr/bin/smtpd smtpd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#nntp stream
tcp nowait root
/usr/sbin/tcpd in.nntpd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Shell, login, exec and talk are BSD
protocols.</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#shell stream tcp nowait
root /usr/sbin/tcpd in.rshd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#login stream
tcp nowait root
/usr/sbin/tcpd in.rlogind</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#exec stream
tcp nowait root
/usr/sbin/tcpd in.rexecd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#talk dgram
udp wait root
/usr/sbin/tcpd in.talkd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#ntalk dgram
udp wait root
/usr/sbin/tcpd in.ntalkd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#dtalk stream
tcp waut nobody
/usr/sbin/tcpd in.dtalkd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Pop and imap mail services et
al</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#pop-2 stream tcp nowait
root /usr/sbin/tcpd ipop2d</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#pop-3 stream
tcp nowait root /usr/sbin/tcpd
ipop3d</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#imap stream tcp
nowait root /usr/sbin/tcpd imapd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># The Internet UUCP
service.</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#uucp stream tcp nowait
uucp /usr/sbin/tcpd
/usr/lib/uucp/uucico -l</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Tftp service is provided primarily
for booting. Most sites</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># run this only on machines acting as
"boot servers." Do not uncomment</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># this unless you *need*
it.</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#tftp dgram udp
wait root /usr/sbin/tcpd
in.tftpd</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#bootps dgram udp
wait root /usr/sbin/tcpd
bootpd</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT size=-1>#
Finger, systat and netstat give out user information which may be</FONT></FONT>
<BR><FONT face="Courier New,Courier"><FONT size=-1># valuable to potential
"system crackers." Many sites choose to disable</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># some or all of these services to
improve security.</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT size=-1>#
cfinger is for GNU finger, which is currently not in use in RHS
Linux</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#finger stream tcp nowait
root /usr/sbin/tcpd in.fingerd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#cfinger stream
tcp nowait root
/usr/sbin/tcpd in.cfingerd</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#systat stream
tcp nowait guest /usr/sbin/tcpd
/bin/ps -auwwx</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#netstat stream
tcp nowait guest /usr/sbin/tcpd
/bin/netstat -f inet</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Time service is used for clock
syncronization.</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT
size=-1>#time stream tcp nowait
nobody /usr/sbin/tcpd in.timed</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#time dgram
udp wait nobody
/usr/sbin/tcpd in.timed</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># Authentication</FONT></FONT>
<BR><FONT face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#auth stream
tcp nowait nobody
/usr/sbin/in.identd in.identd -l -e -o</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># End of inetd.conf</FONT></FONT>
<BR> <BR> <BR>
<P><IMG height=15 src="http://www.enteract.com/~lspitz/ybullet.gif" width=20><A
name=B></A><B><FONT face="Courier New,Courier"><FONT size=+1>Example
B</FONT></FONT></B> <BR><FONT face="Courier New,Courier">This is an example of
the /etc/issue file.</FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1># WARNING: You must have
specific authorization to access</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT
size=-1># this
machine. Unauthorized users will be logged,</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT
size=-1>#
monitored, and then shot on site!</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>#</FONT></FONT> <BR> <BR>
<P><A name=C></A><IMG height=15
src="http://www.enteract.com/~lspitz/ybullet.gif" width=20><B><FONT
face="Courier New,Courier"><FONT size=+1>Example C</FONT></FONT></B> <BR><FONT
face="Courier New,Courier">This is an example of system accounts I leave in the
/etc/passwd file. Notice how the password filed contains "x" and not the
encrpyted password. Encrypted passwords are now securely stored in the
/etc/shadow file as a result of the "pwconv" command.</FONT>
<P><FONT face="Courier New,Courier"><FONT
size=-1>root:x:0:0:root:/root:/bin/bash</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>bin:x:1:1:bin:/bin:</FONT></FONT>
<BR><FONT face="Courier New,Courier"><FONT
size=-1>daemon:x:2:2:daemon:/sbin:</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>adm:x:3:4:adm:/var/adm:</FONT></FONT>
<BR><FONT face="Courier New,Courier"><FONT
size=-1>lp:x:4:7:lp:/var/spool/lpd:</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT
size=-1>mail:x:8:12:mail:/var/spool/mail:</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT
size=-1>uucp:x:10:14:uucp:/var/spool/uucp:</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>nobody:x:99:99:Nobody:/:</FONT></FONT>
<BR> <BR> <BR>
<P><A name=D></A><IMG height=15
src="http://www.enteract.com/~lspitz/ybullet.gif" width=20><B><FONT
face="Courier New,Courier"><FONT size=+1>Example D</FONT></FONT></B> <BR><FONT
face="Courier New,Courier">This is an example of /etc/ftpusers</FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1>root</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>bin</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>daemon</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>adm</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>lp</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>mail</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>uucp</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>nobody</FONT></FONT> <BR>
<BR> <BR> <BR>
<P><A name=E></A><IMG height=15
src="http://www.enteract.com/~lspitz/ybullet.gif" width=20><B><FONT
face="Courier New,Courier"><FONT size=+1>Example E</FONT></FONT></B> <BR><FONT
face="Courier New,Courier"> This is an example of of the /etc/securetty
file.</FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1>tty1</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>tty2</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>tty3</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>tty4</FONT></FONT> <BR><FONT
face="Courier New,Courier"><FONT size=-1>ttyp1 -- > Note, this entry now
allows a remote user to login as root. Normarlly, you do NOT want this
entry!</FONT></FONT> <BR> <BR> <BR> <BR> <BR>
<BR>
<P><A name=F></A><IMG height=15
src="http://www.enteract.com/~lspitz/ybullet.gif" width=20><B><FONT
face="Courier New,Courier"><FONT size=+1>Example F</FONT></FONT></B> <BR><FONT
face="Courier New,Courier">This is an example of the access control lists for
TCP Wrappers. The syntax is</FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1>Service: Source (IP address,
network, or name): <optional> : ALLOW or DENY</FONT></FONT>
<P><FONT face="Courier New,Courier">Example of /etc/hosts.allow</FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1>in.telnetd:
192.168.1.0/255.255.255.0 : banners /etc/bannerfile : ALLOW</FONT></FONT>
<BR><FONT face="Courier New,Courier"><FONT size=-1>in.ftpd: 192.168.1.30
:ALLOW</FONT></FONT> <BR><FONT face="Courier New,Courier"><FONT size=-1>imapd:
ALL : spawn (/usr/local/bin/ids.sh %d %h %H %u</FONT>)</FONT>
<P><FONT face="Courier New,Courier">Example of /etc/hosts.deny. I highly
recommend you always use this as your /etc/hosts.deny file.</FONT>
<P><FONT face="Courier New,Courier"><FONT size=-1>ALL: ALL DENY</FONT></FONT>
<BR> <BR> <BR> <BR> <BR> <BR> <BR>
<BR> <BR> <BR> <BR> <BR> <BR> <BR>
<BR> <BR> <BR> <BR> <BR> <BR> <BR>
<BR> <BR> <BR> <BR> <BR> <BR> <BR>
<BR> <BR> </P></FONT></DIV></BODY></HTML>