 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Example A This is an example of the /etc/inetd.conf file. Notice how everything is commented out except for ftp and telnetd. # # inetd.conf This file describes the services that will be available # through the INETD TCP/IP super server. To re-configure # the running INETD process, edit this file, then send the # INETD process a SIGHUP signal. # # Version: @(#)/etc/inetd.conf 3.10 05/27/93 # # Authors: Original taken from BSD UNIX 4.3/TAHOE. # Fred N. van Kempen, <waltje at uwalt.nl.mugnet.org> # # Modified for Debian Linux by Ian A. Murdock <imurdock at shell.portal.com> # # Modified for RHS Linux by Marc Ewing <marc at redhat.com> # # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args> # # Echo, discard, daytime, and chargen are used primarily for testing. # # To re-read this file after changes, just do a 'killall -HUP inetd' # #echo stream tcp nowait root internal #echo dgram udp wait root internal #discard stream tcp nowait root internal #discard dgram udp wait root internal #daytime stream tcp nowait root internal #daytime dgram udp wait root internal #chargen stream tcp nowait root internal #chargen dgram udp wait root internal # # These are standard services. # ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -L -i -o telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd #gopher stream tcp nowait root /usr/sbin/tcpd gn # do not uncomment smtp unless you *really* know what you are doing. # smtp is handled by the sendmail daemon now, not smtpd. It does NOT # run from here, it is started at boot time from /etc/rc.d/rc#.d. #smtp stream tcp nowait root /usr/bin/smtpd smtpd #nntp stream tcp nowait root /usr/sbin/tcpd in.nntpd # # Shell, login, exec and talk are BSD protocols. # #shell stream tcp nowait root /usr/sbin/tcpd in.rshd #login stream tcp nowait root /usr/sbin/tcpd in.rlogind #exec stream tcp nowait root /usr/sbin/tcpd in.rexecd #talk dgram udp wait root /usr/sbin/tcpd in.talkd #ntalk dgram udp wait root /usr/sbin/tcpd in.ntalkd #dtalk stream tcp waut nobody /usr/sbin/tcpd in.dtalkd # # Pop and imap mail services et al # #pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d #pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d #imap stream tcp nowait root /usr/sbin/tcpd imapd # # The Internet UUCP service. # #uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l # # Tftp service is provided primarily for booting. Most sites # run this only on machines acting as "boot servers." Do not uncomment # this unless you *need* it. # #tftp dgram udp wait root /usr/sbin/tcpd in.tftpd #bootps dgram udp wait root /usr/sbin/tcpd bootpd # # Finger, systat and netstat give out user information which may be # valuable to potential "system crackers." Many sites choose to disable # some or all of these services to improve security. # # cfinger is for GNU finger, which is currently not in use in RHS Linux # #finger stream tcp nowait root /usr/sbin/tcpd in.fingerd #cfinger stream tcp nowait root /usr/sbin/tcpd in.cfingerd #systat stream tcp nowait guest /usr/sbin/tcpd /bin/ps -auwwx #netstat stream tcp nowait guest /usr/sbin/tcpd /bin/netstat -f inet # # Time service is used for clock syncronization. # #time stream tcp nowait nobody /usr/sbin/tcpd in.timed #time dgram udp wait nobody /usr/sbin/tcpd in.timed # # Authentication # #auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e -o # # End of inetd.conf Example B This is an example of the /etc/issue file. # # # WARNING: You must have specific authorization to access # this machine. Unauthorized users will be logged, # monitored, and then shot on site! # # Example C This is an example of system accounts I leave in the /etc/passwd file. Notice how the password filed contains "x" and not the encrpyted password. Encrypted passwords are now securely stored in the /etc/shadow file as a result of the "pwconv" command. root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm: lp:x:4:7:lp:/var/spool/lpd: mail:x:8:12:mail:/var/spool/mail: uucp:x:10:14:uucp:/var/spool/uucp: nobody:x:99:99:Nobody:/: Example D This is an example of /etc/ftpusers root bin daemon adm lp mail uucp nobody Example E This is an example of of the /etc/securetty file. tty1 tty2 tty3 tty4 ttyp1 -- > Note, this entry now allows a remote user to login as root. Normarlly, you do NOT want this entry! Example F This is an example of the access control lists for TCP Wrappers. The syntax is Service: Source (IP address, network, or name): <optional> : ALLOW or DENY Example of /etc/hosts.allow in.telnetd: 192.168.1.0/255.255.255.0 : banners /etc/bannerfile : ALLOW in.ftpd: 192.168.1.30 :ALLOW imapd: ALL : spawn (/usr/local/bin/ids.sh %d %h %H %u) Example of /etc/hosts.deny. I highly recommend you always use this as your /etc/hosts.deny file. ALL: ALL DENY -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.blu.org/pipermail/discuss/attachments/19990509/840cb1bb/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 1007 bytes Desc: not available URL: <http://lists.blu.org/pipermail/discuss/attachments/19990509/840cb1bb/attachment.gif>
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
