Part II: Running the Show

Disabling Network Services

Although there are hundreds of services potentially available and subject to attack on your Linux system, in reality only a few dozen services are installed, and only a handful of those are on by default. Most network services are started by either the xinetd process (named inetd on some Linux distributions) or by a startup script in the /etc/init.d directory.

Xinetd is a daemon that listens on a great number of network port numbers. When a connection is made to a particular port number, xinetd automatically starts the appropriate program for that service and hands the connection to it.

The configuration file /etc/xinetd.conf is used to provide default settings for the xinetd server. (If the daemon is called inetd, look for an /etc/inetd.conf file instead.) The directory /etc/xinetd.d contains files telling xinetd what ports to listen on and what programs to start. Each file contains configuration information for a single service, and the file is usually named after the service it configures. For example, to enable the rsync service, edit the rsync file in the /etc/xinetd.d directory and look for a section similar to the following:

    service rsync
    {
        disable = yes
        socket_type = stream
        wait = no
        user = root
        server = /usr/bin/rsync
        server_args = --daemon
        log_on_failure += USERID
    }

The first line of this example identifies the service as rsync, which exactly matches the service name listed in the /etc/services file, causing the service to listen on port 873 for TCP and UDP protocols. You can see that the service is off by default (disable = yes). To enable the rsync service, change the line to read disable = no:

    service rsync
    {
        disable = no
        socket_type = stream
        wait = no
        user = root
        server = /usr/bin/rsync
        server_args = --daemon
        log_on_failure += USERID
    }
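To check which services xinetd will actually start, the files in /etc/xinetd.d can be audited for blocks that are not set to disable = yes. The script below is an added example, not code from the book; the sample input and the example-off and example-implicit service names are constructed, and it assumes that a block with no disable line is treated as enabled.

```python
import re
from pathlib import Path

SERVICE_RE = re.compile(r"^[ \t]*service\s+(\S+)\s*\{(.*?)^[ \t]*\}", re.S | re.M)
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

# Constructed sample in the layout of an /etc/xinetd.d file (not real system data).
SAMPLE = """\
# constructed sample
service rsync
{
    disable = no
    user = root
    server = /usr/bin/rsync
    server_args = --daemon
    log_on_failure += USERID
}
service example-off
{
    disable = yes
    server = /usr/sbin/example-off
}
service example-implicit
{
    user = nobody
    server = /usr/sbin/example-implicit
}
"""

def parse_services(text):
    """Return a list of (service_name, {attribute: value}) for each block."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", text)  # drop comment lines
    return [(name, {m.group(1): m.group(3)
                    for m in map(ATTR_RE.match, body.splitlines()) if m})
            for name, body in SERVICE_RE.findall(text)]

def enabled_services(text):
    """List (name, user, server) for every block not set to disable = yes."""
    # Assumption: a block without a "disable" line counts as enabled.
    return [(name, a.get("user", "?"), a.get("server", "?"))
            for name, a in parse_services(text)
            if a.get("disable", "no").lower() != "yes"]

def audit_dir(path="/etc/xinetd.d"):
    """Run enabled_services() over every regular file in the directory."""
    return [hit for f in sorted(Path(path).glob("*")) if f.is_file()
            for hit in enabled_services(f.read_text(errors="replace"))]

if __name__ == "__main__":
    for name, user, server in enabled_services(SAMPLE):
        print(f"ENABLED {name}: runs {server} as {user}")
```

On a live system, call audit_dir() instead of passing SAMPLE; any service it lists that you do not need is a candidate for disable = yes.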