Skip to main content
IBM  
Shop Support Downloads
IBM Home Products Consulting Industries News About IBM
IBM developerWorks : Linux : Education - Tutorials
LPI certification 102 exam prep, Part 3
ZIPPDF (letter)PDF (A4)e-mail
Main menuSection menuFeedbackPreviousNext
4. Security overview
  


Turning off unused network services (superserver) page 10 of 21


Turning off unused network services is always a good way to improve your intrusion prevention. For example, if you are running an Internet superserver (such as inetd or xinetd described earlier in this tutorial), then in.rshd, in.rlogind, and in.telnetd are often enabled by default. These network services have nearly all been superseded by more secure alternatives such as ssh.

To disable services in inetd, simply comment out the appropriate line in /etc/inetd.conf by prepending "#;" then restart inetd. (This was described previously in this tutorial, so glance back a few panels if you need a refresher.)

To disable services in xinetd, you can do something similar with the appropriate snippet in /etc/xinetd.d. For example, to disable telnet, either comment out the entire content of the file /etc/xinetd.d/telnet, or simply delete the file. Restart xinetd to complete the procedure.

If you're using tcpd in conjunction with inetd, or if you're using xinetd, you also have the option of limiting incoming connections to trusted hosts. For tcpd, see the earlier sections in this tutorial. For xinetd, search for "only_from" in the xinetd.conf(5) man page.


Main menuSection menuFeedbackPreviousNext
Privacy Legal Contact