Jump to content

Where is inetd.conf or xinetd.conf?


Dakota
 Share

Recommended Posts

While trying to disable services during startup I noticed there is no inetd.conf or xinetd.conf. Where are these files or are we using a different configuration file for inetd?

 

 

Dakota

Edited by Dakota
Link to comment
Share on other sites

In my box, there's no xinetd.conf , but there is a folder /etc/xinetd.d/ and those services that has been controlled by xinetd can be found under that folder, there, you can edit that particular file, like for example in my box fam is enable and the /etc/xinetd.d/fam file looks like

# default: on
# description: FAM is a file monitoring daemon. It can # be used to get reports when files change.

service sgi_fam
{
   disable             = no
   type                = RPC UNLISTED
   rpc_version         = 2
   rpc_number          = 391002
   socket_type         = stream
   protocol            = tcp
   wait                = yes
   user                = root
   group               = nogroup
   server              = /usr/sbin/famd
   bind                = 127.0.0.1
   flags               = NOLIBWRAP
}

to disalbe it here, just set disable = yes

Edited by aioshin
Link to comment
Share on other sites

Well, really need to disable some services. I would like to close every port that was detected by nmap as long as its not needed.

 

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-06-14 23:02 EDT

Initiating SYN Stealth Scan against localhost (127.0.0.1) [65535 ports] at 23:02

Discovered open port 25/tcp on 127.0.0.1

Discovered open port 887/tcp on 127.0.0.1

Discovered open port 10026/tcp on 127.0.0.1

Discovered open port 1025/tcp on 127.0.0.1

Discovered open port 631/tcp on 127.0.0.1

Discovered open port 5335/tcp on 127.0.0.1

Discovered open port 6000/tcp on 127.0.0.1

Discovered open port 111/tcp on 127.0.0.1

Discovered open port 1024/tcp on 127.0.0.1

The SYN Stealth Scan took 11.59s to scan 65535 total ports.

Initiating UDP Scan against localhost (127.0.0.1) [65535 ports] at 23:02

Discovered open port 62118/udp on 127.0.0.1

The UDP Scan took 14.70s to scan 65535 total ports.

For OSScan assuming port 25 is open, 1 is closed, and neither are firewalled

Host localhost (127.0.0.1) appears to be up ... good.

Interesting ports on localhost (127.0.0.1):

(The 131054 ports scanned but not shown below are in state: closed)

PORT STATE SERVICE

25/tcp open smtp

68/udp open|filtered dhcpclient

111/tcp open rpcbind

111/udp open|filtered rpcbind

631/tcp open ipp

631/udp open|filtered unknown

881/udp open|filtered unknown

884/udp open|filtered unknown

887/tcp open unknown

1024/tcp open kdm

1025/tcp open NFS-or-IIS

5335/tcp open unknown

5353/udp open|filtered unknown

6000/tcp open X11

10026/tcp open unknown

62118/udp open unknown

Device type: general purpose

Running: Linux 2.4.X|2.5.X|2.6.X

OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)

OS Fingerprint:

TSeq(Class=RI%gcd=1%SI=40887A%IPID=Z%TS=1000HZ)

T1(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)

T2(Resp=N)

T3(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

 

Uptime 0.080 days (since Tue Jun 14 21:07:25 2005)

TCP Sequence Prediction: Class=random positive increments

Difficulty=4229242 (Good luck!)

 

In later Linux releases I would use inetd.config or xinetd.config

How do I go about disabling these services on Mandriva 2005LE?

Link to comment
Share on other sites

if you are running x, try to open MCC - Systems - services, here you can uncheck those services u dont need to run and stop it. If you prefered CLI, use the chkconfig utility... #chkconfig --list listdown running services on different init level...just man chkconfig for more commands available or just type #chkconfig ..it will show you the usage

Link to comment
Share on other sites

if you are running x, try to open MCC - Systems - services, here you can uncheck those services u dont need to run and stop it. If you prefered CLI, use the chkconfig utility... #chkconfig --list listdown running services on different init level...just man chkconfig for more commands available or just type #chkconfig   ..it will show you the usage

 

 

Thanks, I was not aware of the services tab in MCC. I used that and chkconfig to close many services I do not need, However the ports below still need to be closed.

 

(The 131063 ports scanned but not shown below are in state: closed)
PORT      STATE         SERVICE
68/udp    open|filtered dhcpclient
1024/tcp  open          kdm
1025/tcp  open          NFS-or-IIS
5335/tcp  open          unknown
5353/udp  open|filtered unknown
6000/tcp  open          X11
38529/udp open          unknown
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), Linux 2.6.3 - 2.6.8

 

Is there anywhere else I should look at trying to close these ports?

Link to comment
Share on other sites

try to #netstat -lp | grep tcp -it will list the ports and services listening on it, but if you have a firewall or netfilter running on that box, you wouldnt have to worry...... atleast, the hacker would find your OS hard to guess, though you are running linux, but he wont be able to find what distro you are using... I guess you're running mandrake and nmap guess it as gentoo.. :P

Link to comment
Share on other sites

You'd be better enabling the Shorewall firewall, within MCC and Security. By default, if no boxes are checked, then nothing will be allowed incoming to the machine, meaning it will be blocked, and all the ports you've listed above will be safe.

 

Removing some of the ports you've listed could cause you problems, such as not being able to get a DHCP IP address, and therefore, having to set a static one. Minor, but an issue nonetheless. With regards to disabling the others, I've no idea what effect it would have on your system, and whether it would be good or bad. Best to leave, and use the firewall :P

Link to comment
Share on other sites

Being behind a NAT router with SPI and running Shorewall one would have to say it's pretty safe. Although I really dislike KDM and X11 listening to TCP. I have no idea which service is listening to the high UDP port, the port number changes quite often.

 

 

Dakota

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...