The Linux inetd daemon is a network service utility that provides a central point of control for all Internet services running on a system. The inetd daemon listens for network ports listed in the /etc/inetd.conf file. Each line of the inetd.conf file lists one service that inetd is to listen for. When an incoming request matches a network port number specified in the file, inetd assigns the appropriate application to the incoming socket. For example, if an incoming request asks for port 21 and ftp is listed in the /etc/inetd.conf file, inetd will then connect the client to the ftp service, after which it resumes listening in on the other ports listed in its configuration file. To find out if the inetd daemon is running on a workstation, open a terminal window and enter the following command:ps aux | grep inetd
| Figure A |
 |
The results of this command are also shown in Figure A. There, you can clearly see that inetd is listening for ftp, finger, and ntalk, among others. Figure A shows the /etc/inetd.conf file as configured by the installation script that came with the Red Hat 6.1 CD. However, the file needs considerable modification to secure the system. This can be done by editing the file through a text editor, such as vi, and removing unnecessary services. For example, lines specifying older utilities, such as talk and ntalk, which allow interactive communications between you and another user on the network, should be deleted. Another older utility, finger, which runs by default over port 79 and allows a remote client to find out user information, should also be deleted. These services do not have security features required for today's networks. Shell and login are RPC-based daemons that should be replaced with their more secure versions (i.e., SSH and slogin, respectively). The ftp and telnet services should also be replaced by their more secure counterparts, scp or http for ftp, and sshd for telnet. (Note that large installations should not be running http on every desktop. Instead, workstations in these installations should be accessing the Web via a separate Web server.) Another problem is that root is entered in the user field of many services. It is recommended that services never be run as root unless absolutely necessary, and then only if they are strictly monitored. If they are not, the user field of each line should be replaced with nobody, which is preferred. Services run by the xinetd daemon
If you find that inetd is not present on your workstation, it doesn't mean that you have no active network services. Later versions of Linux, such as Red Hat 7.0 and above, have replaced the inetd daemon with the extended Internet services daemon, xinetd. Like inetd, xinetd listens for connection requests from client applications. When it receives a connection request to a port, xinetd starts up the TCP/IP service for that port, handing over the port to the network service so the client can work with the service. To see if xinetd is running on your system, open a terminal window and enter the same ps command listed above, replacing inetd with xinetd:ps aux | grep xinetd
| Figure B |
 |
