Inetd and security

# 1  
Old 05-23-2002
Inetd and security

Ok, so I've been lazy over the past 3 years with the SCO server I maintain, as it just primarily hosts my private networked proprietary software, until now.
We have dedicated net access, which the SCO server is not set up for and is not going to be set up to connect to the internet by any direct means.

So I decided to get SuSE 8.0 Professional for a firewall, and being the 'obsessive' person that I am, I have over-indulged myself with security issues. Which brings me to 'inetd.conf'. I got the Security Essentials by Tom Roxon, if memory serves me correctly, and I dove in head first. So I have decided to empower some of the Linux security stuff on the main SCO server, which leads me to inetd.

I shut down almost all the services, except a few that (barring my ignorance) I feel I need to keep running. This leaves me with some questions about 'chargen', 'discard', 'tcpmux', 'time' and 'daytime'.

Can someone help me out with what these do as 'services', and any info as to what they do exactly, or somewhere in the same ballpark at least? My man pages don't say squat about chargen and discard.

Also, if I turn them off as services started by inetd, will they still be available for one-time use in other areas that may "require" them?

Sorry this was so long, but thanks in advance for any information you may contribute!

P.S. I also learned that cp'ing the .profile from "/" and then editing it was not such a good idea.
# 2  
Old 05-23-2002
You should have a file related to /etc/services, called /etc/inetd.conf, that must have the same services set up in it.

Yours may be different but look for a file with the same service names in it.

These services are turned off in my system in /etc/inetd.conf.

time stream tcp nowait root internal
#time dgram udp nowait root internal
#echo stream tcp nowait root internal
#echo dgram udp nowait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp nowait root internal
daytime stream tcp nowait root internal
daytime dgram udp nowait root internal
discard stream tcp nowait root internal
discard dgram udp nowait root internal


The /etc/services file controls the port number that is used and the protocol of the port, either tcp or udp.

The /etc/inetd.conf file controls the executable portion of the service by actually executing the service like telnet and ftp.


Regarding the .profile, there is a default in /etc/profile and in the /etc/skel directory, if you have that dir.
# 3  
Old 05-23-2002
chargen sends a stream of alphanumeric chars to the app that accesses the port for the purpose of testing. -- You don't need it in most cases.


Test with telnet <hostname> chargen
# 4  
Old 05-23-2002
Ok, so does either one of these time daemons control the "system" time that I call for in my software, which would require it to be started by inetd.conf?

I do have the /etc/services file. I piped it over to lp for a copy to pin on the wall next to my monitor!
# 5  
Old 05-23-2002
Look in your /etc/services for that info.

There is a daemon called NTPD that is a network time protocol. That goes out and gets time from a certain stratum level, based on a Nuclear clock that the Naval Observatory has.

That is probably not what you need, or have. Do a ps -eaf | grep ntpd, or "type ntpd", to see if it is loaded on your box.
# 6  
Old 05-24-2002
Turn all of those off.
chargen provides a very quick and easy denial of service attack against you. The rest are just plain not needed. A good security rule is to not allow anything to run that is not necessary.

Under most circumstances, I simply turn inetd / xinetd off altogether. I don't run any servers on my home machines.
If I want to be able to connect to my machine internally via network, but leave the outside (public network) closed up, I use xinetd, since you can bind to an interface.

Even a service as benign as ntpd (as discussed below) can wreak havoc if someone wants to mess with you. Say, for example, you set it up insecurely... Any person can spoof their way into tricking your machine to think it's another time, or even another day. Next thing you know your cron jobs are all messed up, they may be able to create / modify files on your machine (should they break in) that have different dates / times, etc...

If you're going to run a firewall, the ideal situation (assuming that this box can be dedicated to only that) would be to turn off everything. Allow console access only, no remote services, just IP forwarding. A Unix like OpenBSD works great for this, since it installs pretty bare by default.

There are a few good books out there on building firewalls. It might be a good idea to invest a few bucks in one.
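As an added example (not code from anyone in this thread), here is a small Python audit that reads an inetd.conf, reports which of the small services discussed in this thread (echo, discard, chargen, daytime, time, tcpmux) are still enabled, and produces a copy with them commented out, the state the reply above recommends. The sample config is constructed from the fragment in reply #2 and is not a real system's file.

```python
# Constructed sample modelled on the inetd.conf fragment posted in reply #2.
SAMPLE_INETD_CONF = """\
# inetd.conf (constructed sample, not a real host)
time     stream  tcp  nowait  root  internal
#time    dgram   udp  wait    root  internal
#echo    stream  tcp  nowait  root  internal
#chargen stream  tcp  nowait  root  internal
daytime  stream  tcp  nowait  root  internal
daytime  dgram   udp  wait    root  internal
discard  stream  tcp  nowait  root  internal
discard  dgram   udp  wait    root  internal
telnet   stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
"""

# The "small services": chargen and echo are classic traffic amplifiers,
# the rest are simply unnecessary on a firewall or application host.
SMALL_SERVICES = {"echo", "discard", "chargen", "daytime", "time", "tcpmux"}
SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

def parse_inetd_conf(text):
    """Return (service, proto, enabled) for every service line, commented or not."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        fields = line.lstrip("#").split()
        # Format: service socket_type proto wait/nowait user program [args]
        if len(fields) < 6 or fields[1] not in SOCKET_TYPES:
            continue  # blank line or a free-text comment
        entries.append((fields[0], fields[2], enabled))
    return entries

def enabled_small_services(text):
    """Sorted 'service/proto' strings for small services still switched on."""
    return sorted(f"{svc}/{proto}" for svc, proto, on in parse_inetd_conf(text)
                  if on and svc in SMALL_SERVICES)

def disable_small_services(text):
    """Copy of the config with every enabled small-service line commented out."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        active = fields and not raw.lstrip().startswith("#")
        out.append("#" + raw if active and fields[0] in SMALL_SERVICES else raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print("still enabled:", enabled_small_services(SAMPLE_INETD_CONF))
    print(disable_small_services(SAMPLE_INETD_CONF))
```

After editing the real file, inetd must be told to re-read it (typically by sending it SIGHUP) before the change takes effect.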
# 7  
Old 05-24-2002
Books

I have. I bought Linux Firewalls, Real World Linux Security, Hacking Linux Exposed, and various other Unix Admin books I've gathered up, and BUTT loads of favorites saved on firewalls and security. My favorites folder is pushing 3mg now.