The internet daemon, /usr/sbin/inetd, is the master server for many of the Internet
Services. The inetd daemon listens for connection requests for the
services listed in its configuration file and starts up the appropriate
server when it receives a request.
The inetd daemon is always started as part of the boot process,
by the startup script /sbin/init.d/inetd.
The /etc/inetd.conf file is the inetd configuration file, which lists the services that
may be started by inetd. In addition to the configuration file, you can
configure an optional security file called /var/adm/inetd.sec, which restricts access to the services started
by inetd.
This section gives instructions for completing the following
tasks:
If you want to write your own service and tie it in to inetd, see the Berkeley IPC Programmer's
Guide.
To Edit the /etc/inetd.conf File
Make sure the following lines exist in /etc/inetd.conf. If any of the lines starts with a pound sign
(#), remove the pound sign to enable the service.
    ftp     stream  tcp  nowait  root  /usr/lbin/ftpd     ftpd -l
    telnet  stream  tcp  nowait  root  /usr/lbin/telnetd  telnetd
    tftp    dgram   udp  wait    root  /usr/lbin/tftpd    tftpd
    bootps  dgram   udp  wait    root  /usr/lbin/bootpd   bootpd
    finger  stream  tcp  nowait  bin   /usr/lbin/fingerd  fingerd
    login   stream  tcp  nowait  root  /usr/lbin/rlogind  rlogind
    shell   stream  tcp  nowait  root  /usr/lbin/remshd   remshd
    exec    stream  tcp  nowait  root  /usr/lbin/rexecd   rexecd
To disable any of these services, comment out the line by
typing a pound sign (#) as the first character on the line.
If you made any changes to /etc/inetd.conf, type the following command to force inetd to read its configuration file:
Make sure /etc/inetd.conf is owned by user root and group other, and make sure its permissions are set to 0444
(-r--r--r--).
For more information, type man 4 inetd.conf or man 1M inetd.
To Edit the /var/adm/inetd.sec File
The /var/adm/inetd.sec file is a security file that inetd reads to determine which remote hosts are allowed
access to the services on your host. The inetd.sec file is optional; you do not need it to run the Internet
Services.
You can use either a text editor or SAM to edit the inetd.sec file. SAM (System Administration Manager) is Hewlett-Packard's
windows-based user interface for performing system administration
tasks. To run SAM, type sam at the HP-UX prompt. SAM has an extensive online
help facility.
If the /var/adm/inetd.sec file does not exist on your host, copy /usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.
Create one line in inetd.sec for each service to which you want to restrict
access. Do not create more than one line for any service.
Each line in the /var/adm/inetd.sec file has the following syntax:
    service_name {allow | deny} host_specifier [host_specifier...]
where service_name is the first field in an entry in the /etc/inetd.conf file, and host_specifier is a host name, IP address, IP address range,
or the wildcard character (*).
Make sure the /var/adm/inetd.sec file is owned by user root and group other, and make sure its permissions are set to 0444 (-r--r--r--).
Following are some example lines from an inetd.sec file:
    login  allow  10.*
    shell  deny   vandal hun
    tftp   deny   *
The first example allows access to rlogin from any IP address beginning with 10. The second
example denies access to remsh and rcp from hosts vandal and hun. The third example denies everyone access to tftp.
Only the services configured in /etc/inetd.conf can be configured in /var/adm/inetd.sec.
For more information, type man 4 inetd.sec or man 1M inetd.
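The rules above (at most one inetd.sec line per service, only services configured in /etc/inetd.conf, an allow or deny keyword, and mode 0444) can be checked with a short script. The following is an added example, not part of the original HP documentation; the function names, the finding labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP's code): audit an inetd.sec file against inetd.conf.

# audit_inetd CONF SEC: print one finding per line.
audit_inetd() {
    awk '
    FILENAME == ARGV[1] {            # inetd.conf: collect enabled service names
        if ($0 !~ /^[ \t]*#/ && NF >= 6) enabled[$1] = 1
        next
    }
    /^[ \t]*#/ || NF == 0 { next }   # inetd.sec: skip comments and blank lines
    {
        if (++seen[$1] > 1)   print "DUPLICATE_LINE " $1
        if (!($1 in enabled)) print "NOT_IN_INETD_CONF " $1
        if ($2 != "allow" && $2 != "deny") print "BAD_KEYWORD " $1
    }
    # Enabled service with no inetd.sec line: inetd.sec does not restrict it.
    END { for (s in enabled) if (!(s in seen)) print "NO_SEC_ENTRY " s }
    ' "$1" "$2" | LC_ALL=C sort
}

# mode_is_0444 FILE: succeed only if the file mode is -r--r--r--.
mode_is_0444() {
    case "$(ls -ld "$1" | awk '{print $1}')" in
        -r--r--r--*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (not from a real host).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/inetd.conf" <<'EOF'
ftp    stream tcp nowait root /usr/lbin/ftpd    ftpd -l
login  stream tcp nowait root /usr/lbin/rlogind rlogind
shell  stream tcp nowait root /usr/lbin/remshd  remshd
#tftp  dgram  udp wait   root /usr/lbin/tftpd   tftpd
EOF
    cat > "$d/inetd.sec" <<'EOF'
login allow 10.*
shell deny vandal hun
shell deny otherhost
tftp  deny *
EOF
    chmod 0644 "$d/inetd.sec"        # deliberately wrong mode for the demo
    audit_inetd "$d/inetd.conf" "$d/inetd.sec"
    mode_is_0444 "$d/inetd.sec" || echo "BAD_MODE inetd.sec"
    rm -rf "$d"
}
demo
```

On a real host, call audit_inetd /etc/inetd.conf /var/adm/inetd.sec and check ownership (root, group other) separately with ls -l.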