uucp Unix to Unix Copy: normally not used on the Internet finger Just provides information useful in guessing passwords tftp Mostly required just for serving X terminal server code comsat Email delivery notification service talk I liked it better the first time, when it was called "a telephone" ntalk Ditto bootp Serves IP addresses for clients (DHCP a better solution?) time System time (Cheswick & Bellovin say no problem) daytime Human readable form of system time echo Is machine alive? (like "ping" command) discard Network version of /dev/null chargen Character stream generator (great fun when combined w/IP spoofing) ypupdated If you don't use NIS, get rid of this systat Just lets people see what your doing on your machine netstat Same thing as systat rpc.rstatd RPC status information used by perfmon rusersd Who's logged on? sprayd Used for testing, mostly walld Lets remote users mess up local users' screens rpc.rwalld RPC version rexd Not very secure remote execution facility
# @(#)inetd.conf 188.8.131.52 (ULTRIX) 4/19/88 # Internet server configuration database # #echo stream tcp nowait /etc/miscd echod #echo dgram udp wait /etc/miscd echod #discard stream tcp nowait /etc/miscd sinkd #discard dgram udp wait /etc/miscd sinkd #systat stream tcp nowait /etc/miscd systatd #systat dgram udp wait /etc/miscd systatd #daytime stream tcp nowait /etc/miscd daytimed #daytime dgram udp wait /etc/miscd daytimed #quote stream tcp nowait /etc/miscd quoted #quote dgram udp wait /etc/miscd quoted #chargen stream tcp nowait /etc/miscd chargend #chargen dgram udp wait /etc/miscd chargend ftp stream tcp nowait /etc/tcpd /usr/etc/ftpd #finger stream tcp nowait /etc/tcpd fingerd telnet stream tcp nowait /etc/tcpd telnetd time stream tcp nowait /etc/tcpd timed time dgram udp wait /etc/miscd timed # Run tftpd standalone #tftp dgram udp nowait /usr/etc/tftpd tftpd -r /usr/local/tftp_dir exec stream tcp nowait /etc/tcpd rexecd login stream tcp nowait /etc/tcpd rlogind shell stream tcp nowait /etc/tcpd rshd . . ....then send a SIGHUP signal to the inetd process. (See the R870 course notes for more details.)
Also consider using the tcpd, or "TCP wrappers" program, for putting access controls and logging on those services you do wish to run.
Another tools is RIIS (Replacement for Internal Internet Services). [Here is the RIIS README file.]