Hi,
As root:
First delete or change the permissions for the appropriate executables, telnet, ftp, rsh, etc.
(as a rule all the rxxx commands should be disabled in a "secure" system, rsh, rlogin, rup, etc.)
Delete the entries from the /etc/inetd.conf file, they look like this:
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
then stop and restart inetd thus:
/etc/init.d/inetsvc stop
/etc/init.d/inetsvc start
You could issue a /etc/init.d/inetsvc restart but it doesn't always work.
If you can't kill it with the script kill it by hand thus:
ps -ef |grep inetd
This will return something like the following:
root 230 1 0 Jul 30 ? 0:15 /usr/sbin/inetd -s
root 23121 16722 0 13:45:48 pts/0 0:00 grep inetd
then you do this:
kill -9 230
where 230 represents the number that appears after "root" on the output that comes from the grep command above.
Then...
Make sure inetd is still running by issuing the above grep command once you've restarted the inetd service.
What this does:
First, changing the permissions stops people from running the commands to get OFF the machine. Second, removing the services from inetd.conf stops the machine responding to people trying to get ON to the machine.
If you're trying to secure the machine you may also want to consider disabling sendmail, and making sure your version of bind is up to date, as older versions have a buffer overflow vulnerability that allows a hacker root access if they know what they are doing. If the machine doesn't need DNS or NIS then disable that too, and bring the machine up "standalone".
Hope this helps
later
jb
(praxis22@hotmail.com)
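
The inetd.conf step from the post above, as an added example that is not part of the original post: a small sh helper that reports which of the listed services are still active and comments them out (rather than deleting them), keeping a .bak copy. The function names, the variable names and the sample file are constructed for illustration; inetd still has to be restarted afterwards as the post describes.

```shell
#!/bin/sh
# Added example (not from the original post). Run it against a COPY of
# inetd.conf first. On Solaris use nawk or /usr/xpg4/bin/awk for -v support.

# Service names taken from the inetd.conf entries listed in the post.
RISKY_SERVICES="ftp telnet shell login exec tftp"

# awk prologue shared by both functions: build a lookup set of risky names.
AWK_SET='BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }'

# Print the risky services that are still active (uncommented) in file $1.
risky_enabled() {
    awk -v list="$RISKY_SERVICES" "$AWK_SET"'
        !/^[ \t]*#/ && ($1 in risky) { print $1 }' "$1"
}

# Comment out the risky entries in file $1, keeping the original as $1.bak.
disable_risky() {
    cp -p "$1" "$1.bak" || return 1
    awk -v list="$RISKY_SERVICES" "$AWK_SET"'
        !/^[ \t]*#/ && ($1 in risky) { print "#" $0; next }
        { print }' "$1.bak" > "$1"
}

# Write a constructed sample in inetd.conf format to path $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system file
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
time stream tcp nowait root internal
EOF
}

# Demo: show the risky services before and after on the sample file.
demo() {
    tmp=$(mktemp) || return 1
    write_sample "$tmp"
    echo "before: $(risky_enabled "$tmp" | tr '\n' ' ')"
    disable_risky "$tmp"
    echo "after:  $(risky_enabled "$tmp" | tr '\n' ' ')"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

Commenting the entries out instead of deleting them leaves a record of what was disabled, and the .bak copy gives a quick way back if a service turns out to be needed.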