path: root/etc/inetd.conf
Commit message | Author | Age | Files | Lines
* Default to disabling all inetd.conf entries, in particular, telnetd | Robert Watson | 2001-08-02 | 1 | -8/+13
  and ftpd. This more conservative default reduces the exposure of freshly installed machines, which is especially valuable for machines that receive minimal further configuration before being put into production. Generally speaking, SSH has superseded the use of both telnet and ftp in many environments. In light of recent remotely exploitable security holes in both telnetd and ftpd, this choice retains flexibility (both telnetd and ftpd daemons remain installed and easily enableable) while protecting users who don't need the additional risk. This change brings our configuration into line with the majority of other UNIX vendors, including OpenBSD and NetBSD.
  To address the concerns of those requiring remote access via telnet from first install, changes will shortly be committed to sysinstall to provide the ability to edit inetd.conf during the installation process, allowing telnetd and ftp to be re-enabled during the installation process.
  While I'm at it, slightly improve commenting for inetd.conf so that it's more clear to users how to enable and disable services. Further commenting to indicate the functions of various columns would probably also be useful.
  Reviewed by: imp, chris, jake, nate, -arch, -stable
  Notes: svn path=/head/; revision=81020
* Integrate the IPv6 entries with the rest of them to avoid things getting | Peter Wemm | 2001-03-30 | 1 | -32/+18
  out of sync. A similar change was made by itojun on the OpenBSD tree a few weeks ago. This should stop people disabling one server and forgetting the other one (eg: ftp and/or telnet)
  Notes: svn path=/head/; revision=75017
* Disable rsh and rlogin by default. ssh and telnet are still available for | Kris Kennaway | 2000-10-04 | 1 | -4/+4
  remote access on default installations.
  Notes: svn path=/head/; revision=66621
* Turn fingerd OFF by default. Comparative essentials like telnetd | Jordan K. Hubbard | 2000-10-03 | 1 | -2/+2
  are bad enough, but finger is hardly a critical system service and it's traditionally been vulnerable to a variety of attacks; anybody remember RTFM and his worm?
  Notes: svn path=/head/; revision=66568
* Fix a misspelling in the comments for the IPv6 auth service and change them | John Baldwin | 2000-03-25 | 1 | -2/+2
  to more closely resemble those in the IPv4 section.
  Notes: svn path=/head/; revision=58574
* Fix a typo. (s/eExample/Example/) | Yoshinobu Inoue | 2000-03-05 | 1 | -1/+1
  Submitted by: Robert Muir <rmuir@looksharp.net>
  Notes: svn path=/head/; revision=57773
* Add IPv6 services into inetd.conf. | Yoshinobu Inoue | 2000-02-27 | 1 | -0/+31
  Also enable some standard IPv6 apps by default. These entries will be simply ignored on systems with no INET6 defined.
  Approved by: jkh
  Suggested by: peter
  Notes: svn path=/head/; revision=57537
* Include a note below the example qmail entry that mentions that inetd is | Daniel Baker | 2000-01-10 | 1 | -1/+4
  no longer the correct way to have qmail handle incoming qmail smtp connections. Also provide a url to the correct method.
  Notes: svn path=/head/; revision=55779
* Update the cvs pserver example so that it gives some more obvious clues | Peter Wemm | 1999-12-26 | 1 | -3/+5
  about the --allow-root switch.
  PR: 14463
  Notes: svn path=/head/; revision=55115
* $Id$ -> $FreeBSD$ | Peter Wemm | 1999-08-27 | 1 | -1/+1
  Notes: svn path=/head/; revision=50472
* Add -n to the example and explanation of the internal auth service. | Brian Feldman | 1999-07-24 | 1 | -3/+4
  Notes: svn path=/head/; revision=49059
* Document the -o and -t options to the internal auth service and give an | Sheldon Hearn | 1999-07-23 | 1 | -7/+4
  example of their usage in the sample config. Merge the two examples for the green internal auth service.
  This commit failed the first time around because Brian beat me to the punch on inetd.8. I like my descriptions better and I'm pretty sure Brian won't mind.
  Notes: svn path=/head/; revision=49034
* I think the last revision got lost here. Identd needs to be run as root, | Brian Feldman | 1999-07-16 | 1 | -2/+2
  at least for now. I relegated the getcred sysctls to only root, but if they're deemed to be "allowable" to export to users, I'll do so and revert this change.
  Notes: svn path=/head/; revision=48846
* Document the new {auth,ident,tap} service and provide examples in the | Sheldon Hearn | 1999-07-16 | 1 | -6/+13
  configuration file.
  Requested by: green
  Notes: svn path=/head/; revision=48845
* This is the working internal ident service. Turn it on by setting | Brian Feldman | 1999-07-15 | 1 | -2/+3
  the make variable REAL_IDENT, and ~/.fakeid support can be added with FAKEID set. Note that the default behavior is the same as the old behavior.
  Notes: svn path=/head/; revision=48816
* Due to recent pidentd port changes (switch to sysctl), identd must be | Andrey A. Chernov | 1999-07-15 | 1 | -2/+2
  run as root again, not kmem:kmem
  Notes: svn path=/head/; revision=48815
* comsat sandbox prevents biff/comsat from being able to print partial | Matthew Dillon | 1998-12-01 | 1 | -1/+3
  mailbox contents. comsat instead simply prints that new mail is available. Add appropriate comment to inetd.conf but leave comsat in sandbox.
  Notes: svn path=/head/; revision=41444
* Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53), | Matthew Dillon | 1998-12-01 | 1 | -4/+4
  adjusted inetd.conf to run comsat and ntalk from tty sandbox, and the (commented out) ident from the kmem sandbox. Note that it is necessary to give each group access its own uid to prevent programs running under a single uid from being able to gdb or otherwise mess with other programs (with different group perms) running under the same uid.
  Notes: svn path=/head/; revision=41441
* Add example for the internal "ident server". | Poul-Henning Kamp | 1998-11-04 | 1 | -1/+5
  Notes: svn path=/head/; revision=40911
* Limit the fingerd daemon to: | Wolfram Schneider | 1998-09-30 | 1 | -2/+2
  runs only 3 simultaneous fingerd processes and limit the connections-per-ip-per-minute to 10.
  Notes: svn path=/head/; revision=39825
* Add Id keywords | Brian Somers | 1998-09-02 | 1 | -0/+1
  Notes: svn path=/head/; revision=38738
* Clean up the kerberos entries, and add example CVS entries | Mark Murray | 1998-08-15 | 1 | -4/+4
  Notes: svn path=/head/; revision=38337
* MFC: sample qmail entry. | Tim Vanderhoek | 1998-07-18 | 1 | -0/+4
  Notes: svn path=/head/; revision=37741
* Restore the Samba entries which were spammed when someone added | Jordan K. Hubbard | 1997-09-28 | 1 | -0/+6
  the imap4 entry.
  Notes: svn path=/head/; revision=29951
* Add commented out example entry for imap4 | Andrey A. Chernov | 1997-01-12 | 1 | -0/+4
  Notes: svn path=/head/; revision=21613
* The kerberised network services should only be active in inetd.conf | Peter Wemm | 1996-11-10 | 1 | -4/+4
  if kerberos is installed.
  So far as I'm aware, kerberos aware clients detect ECONNREFUSED and (if allowed) fall back to the non-kerberos servers. They do not know how to interpret messages such as "rlogind: unknown option -k". I believe Garrett also mentioned this.
  Unfortunately, this adds an extra step to bringing up kerberos.
  It also stops /var/log/messages getting quite so many useless (and confusing) error messages when somebody does a port scan on you.
  Notes: svn path=/head/; revision=19607
* In the brave new world, that that does not make us strong, kills us. | Paul Traina | 1996-10-02 | 1 | -28/+38
  Turn OFF the "small servers" by default. FreeBSD systems should only serve actively used programs. Jewels like chargen and echo are too useful in attack scenarios.
  Notes: svn path=/head/; revision=18639
* Add commented out example for bootps | Poul-Henning Kamp | 1996-09-19 | 1 | -0/+1
  Notes: svn path=/head/; revision=18378
* changed /etc/[daily,weekly,monthly] to not rotate the logfiles by | Thomas Graichen | 1996-01-05 | 1 | -0/+2
  "hand", changed /etc/crontab to call /usr/sbin/newsyslog every hour (the entry was there before - but we haven't had any newsyslog until today :-) and changed /etc/inetd.conf to also contain (commented out) entries for rpc.rquotad and rpc.sprayd (taken from NetBSD)
  Notes: svn path=/head/; revision=13249
* Add /tftpboot as an argument to the commented-out example for tftp, so | Joerg Wunsch | 1995-12-23 | 1 | -1/+1
  people don't compromise their system by blindly un-commenting the entry.
  Notes: svn path=/head/; revision=12995
* inetd.conf: | Justin T. Gibbs | 1995-09-15 | 1 | -0/+1
  Add rkinit at 2108/tcp.
  services:
  Add rkinitd.
  Notes: svn path=/head/; revision=10808
* Restore tabs in inetd line | Andrey A. Chernov | 1995-07-29 | 1 | -1/+1
  Submitted by:
  Obtained from:
  Notes: svn path=/head/; revision=9775
* Rename in.identd -> identd according recent ports rename | Andrey A. Chernov | 1995-07-27 | 1 | -1/+1
  Notes: svn path=/head/; revision=9742
* Add ident (commented out) | Andrey A. Chernov | 1995-04-08 | 1 | -0/+1
  Notes: svn path=/head/; revision=7671
* Disable UDP echo, chargen, date, and daytime services. | Garrett Wollman | 1994-12-21 | 1 | -4/+4
  Notes: svn path=/head/; revision=5183
* Uncomment uucpd by default, it is working and secure now | Andrey A. Chernov | 1994-12-19 | 1 | -1/+1
  Notes: svn path=/head/; revision=5170
* Change the example line for popper to point to /usr/local/libexec/popper | Andreas Schulz | 1994-11-18 | 1 | -1/+1
  instead of /usr/local/etc/popper. The 2.0 installation installs it there.
  Notes: svn path=/head/; revision=4652
* Secure fingerd by default | Paul Traina | 1994-09-29 | 1 | -1/+1
  Notes: svn path=/head/; revision=3196
* Disable rexecd by default (major security hole) | Paul Traina | 1994-09-29 | 1 | -1/+1
  Notes: svn path=/head/; revision=3190
* Add an entry for pcnfsd (commented out) | Paul Traina | 1994-09-28 | 1 | -0/+1
  Notes: svn path=/head/; revision=3169
* Added comment about registerd and kpasswdd not working in 1.x. | Garrett Wollman | 1994-06-13 | 1 | -1/+1
  Deleted commented-out line which would start mountd; that's not the right place to do it (don't confuse the users). Should probably have uncommented rpc.rstatd, but didn't.
  Notes: svn path=/head/; revision=1715
* Comment out uucpd, not properly configured as default | Andrey A. Chernov | 1994-05-31 | 1 | -4/+4
  Comment out walld/rusersd/rstatd, may be too verbose
  Notes: svn path=/head/; revision=1662
* Uncomment uucpd, now it works | Andrey A. Chernov | 1994-05-31 | 1 | -4/+4
  Uncomment rstatd/rusersd/rwalld all three worked
  mountd still commented out, I remember some problem with it
  Notes: svn path=/head/; revision=1645
* Added entries for sup into services. | Andreas Schulz | 1993-12-05 | 1 | -0/+4
  Added an example entry for the pop3 popper into inetd.conf as a comment.
  Notes: svn path=/head/; revision=831
* Change space to tab in ruserd line per Guido van Rooij | Rodney W. Grimes | 1993-10-21 | 1 | -2/+2
  Notes: svn path=/head/; revision=645
* Disable rpc services so that inetd no longer hangs when you are not | Rodney W. Grimes | 1993-10-13 | 1 | -3/+5
  running portmapper. These are site specific functionality and should only be enabled for sites that want them, not by default. These services REQUIRE portmapper to be running
  Notes: svn path=/head/; revision=591
* Entries so RPC servers are started. | J.T. Conklin | 1993-09-23 | 1 | -0/+5
  Notes: svn path=/head/; revision=500
* Added /etc/networks to the files that get installed, somehow it got | Rodney W. Grimes | 1993-09-02 | 1 | -1/+1
  dropped out of the Makefile. Commented out talk in inetd.conf since it refers to the old non-existent otalkd.
  Notes: svn path=/head/; revision=377
* Initial import of 386BSD 0.1 othersrc/etc | Rodney W. Grimes | 1993-06-20 | 1 | -0/+34
  Notes: svn path=/cvs2svn/branches/unlabeled-1.1.1/; revision=37