Just thought I would throw in my 2 cents on this ports thread.
My inetd.conf file has ONLY the lines needed for the services I run.
For instance: On my mail server I would have only two lines in there.
One for pop and the other for imap. The rest are gone. This makes
it really easy to see if any changes have been made or not (rather
than look for some service that has had the comment accidently removed).
Then I make sure hosts.deny has only the line:
ALL: ALL
My hosts.deny file never changes.
Then I open hosts.allow, and open up the locations for the lines
in inetd.conf (in addition to sshd, which checks the hosts. files,
although it runs as a deamon).
Keep a copy of your original inetd.conf for reference in case you need to
add a line you removed.
For those high traffic services, I have removed them from inetd.conf,
and then run them thru tcpserver. This works much better for me
for something like pop3. inet kept choking on me under high loads;
the minute I moved it over to tcpserver, problems gone.
Just my 2 cents.
Mike
mgcon@getnet.com
http://www.getnet.com/~mgcon
Phoenix, AZ
USA
(text/plain)