## Trimming Down inetd.conf ##

Alex Zepeda

inetd is essentially the internet "super server". It listens on various ports (UDP and TCP) and runs small servers (even Apache can be tweaked to use inetd). It's very convenient, because once you specify all the valid servers in the configuration file (/etc/inetd.conf) you only need to run inetd to start them all up (and inetd is usually started up by default). However, inetd is a bad idea for bigger servers (ftp, web, smtp, etc.). This is due to the way that connections are handled by inetd.

By default, inetd is set to run all sorts of servers, many of which are probably not needed by the average user (or server). Lines in /etc/inetd.conf that start with a # are comment lines. Examples of unneeded servers are:

    shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
    login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind

rsh and rlogin are both quite similar to telnet, but a bit more insecure because you can set them to not prompt for a password based on the hostname of the person trying to connect. That hostname can be faked easily enough to cause trouble. Using ssh is a better alternative.

    echo    stream  tcp     nowait  root    internal
    echo    dgram   udp     wait    root    internal

These are dangerous because anything that is sent to these ports will be sent back, creating an easy way to waste bandwidth.

    chargen stream  tcp     nowait  root    internal
    chargen dgram   udp     wait    root    internal

These two are even more dangerous, because they send data (iterating through the ASCII values) without stopping, creating a huge bandwidth waste (the last four were commented out by default).

Restarting inetd is somewhat of a black art, but generally, you can check in /var/run/inetd.pid to find the process id of inetd, then kill that process, wait a few seconds and run "inetd" again to restart it.

Another method works if you use the sh or bash shell (anything sh-derived). Anything between two `'s (i.e. `foo`) will be executed, and the output of foo substituted. So if you type kill `cat /var/run/inetd.pid`, this will take the contents of /var/run/inetd.pid (in this case the process id of inetd), and use it as an argument for the kill command.

- Alex

$Id: inetd.txt,v 1.1 2000/02/16 08:07:53 jim Exp $
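
The trimming described above (finding active shell, login, echo and chargen entries and turning them into # comment lines), as an added example that is not part of the original article. The function names and the sample file are assumptions; the script prints a proposed file and never edits /etc/inetd.conf itself.

```shell
#!/bin/sh
# Added example: names below (RISKY, list_risky, disable_risky, write_sample)
# are assumptions of this sketch, not part of inetd or the article.
RISKY='shell login echo chargen'   # services the article singles out

# Print "service/proto" for each active (uncommented) risky entry in file $1.
list_risky() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blank and short lines
        ($1 in bad) { print $1 "/" $3 }
    ' "$1"
}

# Print file $1 with every active risky entry turned into a # comment line.
disable_risky() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample in inetd.conf format (not copied from a real system).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
daytime stream tcp nowait root internal
shell stream tcp nowait root /usr/libexec/rshd rshd
login stream tcp nowait root /usr/libexec/rlogind rlogind
#echo stream tcp nowait root internal
chargen dgram udp wait root internal
EOF
}

# With a file argument, audit it; with none, audit the constructed sample.
if [ $# -gt 0 ]; then
    list_risky "$1"
else
    demo=$(mktemp) && write_sample "$demo"
    echo "active risky entries:"; list_risky "$demo"
    echo "proposed file:"; disable_risky "$demo"
    rm -f "$demo"
fi
```

Review the proposed file before installing it, then restart inetd as described above so the change takes effect.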