To see what's recently changed on this page - please look at the Changes page.
The purpose of this web page:
This is all about lines found in the typical /etc/inetd.conf file and what programs/functions break if those lines are commented out or removed. I've also added info about the /var/adm/ined.sec file which works along with the inetd.conf file. The inetd.sec info is located at the bottom of this page.
At this time I only have access to HP-UX 11.x workstations and servers. That's the inetd.conf flavor I'm going to use here. I don't think there is to much difference on other systems. Also, I show logging switches just about everywhere I can. The only place (I think) their will be a difference compared to, let's say, a Solaris box will be at the very bottom where I'm adding application information. Also, the inetd.sec file is used on HP-UX systems only.
Remember, this has everything to do with the overall line, NOT what each piece of the line does (i.e.; stream, tcp, nowait, root). Enough folks explain that on the internet. Also, I got most of this info from simply looking at the "man" pages or running HP's "Bastille" program.
The inetd.conf line is in regular text and my additions to those lines are going to be in Bold text. My comments for each line are underneath and are in bulleted - Italic text. I'll indicate what breaks if the line is commented or removed (remember... that's the purpose of this doc in the first place). Any line starting with a pound sign (#) was commented out by HP (from a standard O/S install), when I started this mess.
I didn't add any comments to the application lines at the bottom of this page. I got them off of production and development boxes so I assume they are correct. So... I assume if you comment or remove the application line(s) then that application will break.
If you change the /etc/inetd.conf file in any way, you'll need to have inetd reread the config file. Do this buy running the following command: /usr/sbin/inetd -c. You do NOT have to run inetd -c after modifying the inetd.sec file.
If you have input on what breaks, nasty errors on this page, etc., I'd appreciate it if you would let me know. Please send comments to: firstname.lastname@example.org
Oh yes... I have some other pages that may be of some use as well:
Unix Notes, Server Build document, GSP Information and Ignite document
You can get an idea on how to configure the following files; /etc/issue, /etc/ftpd/ftpaccess and /etc/ftpd/ftpusers (which are noted below), and also see what I think can be safely commented out of a "standard" /etc/inetd.conf file in my Server Build document.
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue
#tftp dgram udp wait root /usr/lbin/tftpd tftpd
tftp dgram udp wait root /usr/lbin/tftpd tftpd\
Because the "instl_boots" line is added when Ignite is installed I've placed it at the bottom of this page with the other application lines. You see, tftp is normally here - modified or not - but the instl_boots line is added when Ignite is installed.
#bootps dgram udp wait root /usr/lbin/bootpd bootpd
#finger stream tcp nowait bin /usr/lbin/fingerd fingerd
login stream tcp nowait root /usr/lbin/rlogind rlogind -l -B /etc/issue
shell stream tcp nowait root /usr/lbin/remshd remshd -l
exec stream tcp nowait root /usr/lbin/rexecd rexecd
#uucp stream tcp nowait root /usr/sbin/uucpd uucpd
ntalk dgram udp wait root /usr/lbin/ntalkd ntalkd
ident stream tcp wait bin /usr/lbin/identd identd -l
printer stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i -l
daytime stream tcp nowait root internal
daytime dgram udp nowait root internal
time stream tcp nowait root internal
#time dgram udp nowait root internal
echo stream tcp nowait root internal
echo dgram udp nowait root internal
discard stream tcp nowait root internal
discard dgram udp nowait root internal
chargen stream tcp nowait root internal
chargen dgram udp nowait root internal
# Do not uncomment these unless your system is running portmap!
# WARNING: The rpc.mountd should now be started from a startup script.
# Please enable the mountd startup script to start rpc.mountd.
#rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd -r -l /var/adm/syslog/rpc.stuff
#rpc dgram udp wait root /usr/lib/netsvc/rstat/rpc.rstatd 100001 2-4 rpc.rstatd -e -l /var/adm/syslog/rpc.stuff
#rpc dgram udp wait root /usr/lib/netsvc/rusers/rpc.rusersd 100002 1-2 rpc.rusersd -e -l /var/adm/syslog/rpc.stuff
#rpc dgram udp wait root /usr/lib/netsvc/rwall/rpc.rwalld 100008 1 rpc.rwalld -e -l /var/adm/syslog/rpc.stuff
#rpc dgram udp wait root /usr/sbin/rpc.rquotad 100011 1 rpc.rquotad
#rpc dgram udp wait root /usr/lib/netsvc/spray/rpc.sprayd 100012 1 rpc.sprayd -e -l /var/adm/syslog/rpc.stuff
kshell stream tcp nowait root /usr/lbin/remshd remshd -K -l
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K -l
# NCPM programs.
# Do not uncomment these unless you are using NCPM.
#ncpm-pm dgram udp wait root /opt/ncpm/bin/ncpmd ncpmd
#ncpm-hip dgram udp wait root /opt/ncpm/bin/hipd hipd
dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd -log
rpc xti tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver
rpc dgram udp wait root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd
recserv stream tcp nowait root /usr/lbin/recserv recserv -display :0
registrar stream tcp nowait root /etc/opt/resmon/lbin/registrar /etc/opt/resmon/lbin/registrar
# PowerBroker local daemon
pblocald stream tcp nowait root /opt/pb/sbin/pblocald pblocald
omni stream tcp nowait root /opt/omni//lbin/inet inet -log /var/opt/omni//log/inet.log
swat stream tcp nowait.400 root /opt/samba/bin/swat swat
# M/C Service Guard
hacl-probe stream tcp nowait root /opt/cmom/lbin/cmomd /opt/cmom/lbin/cmomd -f /var/opt/cmom/cmomd.log -r /var/opt/cmom
hacl-cfg dgram udp wait root /usr/lbin/cmclconfd cmclconfd -p
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd cmclconfd -c
instl_boots dgram udp wait root /opt/ignite/lbin/instl_bootd instl_bootd
medusad stream tcp nowait root /opt/medusa/lbin/medusad medusad
For example, telnet is not commented out in the inetd.conf file. Someone tries to telnet to your box. The inetd process looks here to see what to do next and finds the following line:
telnet allow 198.162.1.02-20 127.0.0.1 localhostOnly telnet connections from the IP range of
localhostwill work. All others will not.
If you have this line instead:
telnet deny 198.162.* batcave.gothem.city.com
The boxes on the
198.162.whatever.whatever and the server
batcave.gothem.city.com will not connect. All others will be able to connect.
So the line look's something like this:
< service name > < allow/deny > < host/network addresses, host/network names >
Also, when you modify this file you do not need to run the "inetd -c" command.
Search my site:
Ok.. so I put this waaay down at the bottom of this web page. I don't expect anyone to actually toss a buck or two my way as a thank you for all the work I've done on this site (Hmmm... feel guilty yet?), but it sure would be nice.