######
#
# usage: ninetd [-d] [-b backlog] [-f config]
#
#   -d  - enable debugging.  prevent backgrounding.
#   -b  - set the overall TCP listen(2) queue max (default: 10)
#   -f  - set the config file (default: /local/etc/ninetd.conf)
#
######
#
# config entry format:
#   service { options } spec
#
# service should look like "telnet/tcp" or "comsat/udp" or "123/tcp"
#
# options can be any of ...
#   "log"                 - log connections (syslog)
#   "user" userid         - run server as userid
#   "connect"             - this udp server uses connect(2)
#   "restrict" filename   - set access restriction file
#   "stats" minutes       - log connect stats at intervals
#   "interface" [!]interface{,[!]interface}
#                         - set interface(s) to [not] use
#   "libwrap" wrapname    - set identity name for tcpwrappers
#   "max" limit           - set ceiling for num of active servers
#   "filter" filtername   - set access restriction filter
#   "backlog" limit       - set max listen(2) queue size
#                           (applies only to tcp services).
#
# spec should be one of ...
#   "program" filename [ argv ]
#  or
#   "internal" handler
#
# available internal handlers:
#   tcp_echo     udp_echo     - echo received data[gram]
#   tcp_discard  udp_discard  - read and discard incoming data[gram]
#   tcp_time     udp_time     - return 32-bit time since 1970
#   tcp_daytime  udp_daytime  - return human-readable time
#   tcp_chargen  udp_chargen  - familiar character generator
#   tcp_dropconn              - simply drop connection (for logging)
#
# restrict list entry format:
#   "allow" ip-num [ "mask" netmask ]
#   "disallow" ip-num [ "mask" netmask ]
#   "include" filename
# ip-num can be an IP network address or an IP host address.
#
##
#
# eg. reject and log all connections to the exec/tcp service ...
#
#   exec/tcp log max 0 internal tcp_dropconn
#
##
#
# filter definition format:
#   "{ filter" filtername
#   filter-list
#   "}"
# (the '{' and '}' characters must be the first tokens on the line)
#
# filter-list entry format:
#   "allow" ip-num [ "mask" netmask ]
#   "disallow" ip-num [ "mask" netmask ]
#   "insert" filtername
# ip-num can be an IP network address or an IP host address.
#
# a filter is just a restrict list.  the main difference is it's defined
# in the config file instead of in a separate restrict file.  the other
# difference is that the "insert" keyword is used instead of "include"
# to distinguish building up filters versus building up restrict lists.
# eg.
#   { filter loopback
#       allow 127.0.0.0 mask 255.0.0.0
#   }
#   { filter utcs-ether
#       allow 128.100.102.0 mask 255.255.255.0
#       insert loopback
#   }
#
#   10101/tcp log filter utcs-ether internal tcp_daytime
#
##
#
# libwrap - set the tcpwrapper lookups to use alternate file paths.
# usage:
#   "{ libwrap"
#   "allow" allow-path
#   "deny" deny-path
#   "}"
#
# (the '{' and '}' characters must be the first tokens on the line)
#
# default allow-path: [/local]/etc/hosts.allow
# default deny-path:  [/local]/etc/hosts.deny
#
######

# maybe later
# (each of these is a real daemon that would replace the matching
# log-and-drop entry in the next group; all but fingerd have no "user"
# option, so they would run with whatever identity ninetd itself has.)
#bootps/udp log program /etc/bootpd bootpd
#tftp/udp log program /etc/tftpd tftpd -n
#biff/udp log program /etc/comsat comsat
#finger/tcp log user nobody program /etc/fingerd fingerd
#ftp/tcp log program /etc/ftpd ftpd

# for now, just log and drop
# (the ports stay bound so that connection attempts show up in syslog;
# per the handler list, udp_discard reads and discards the datagram and
# tcp_dropconn simply drops the connection.)
bootps/udp log internal udp_discard
tftp/udp log internal udp_discard
biff/udp log internal udp_discard
finger/tcp log internal tcp_dropconn
ftp/tcp log internal tcp_dropconn
instsrv/tcp log internal tcp_dropconn

# rlogin / rsh: both entries share the tcpwrappers identity "rshell", and
# that lookup is the only access control configured on them here (no
# "restrict" or "filter" option).
# NOTE(review): rlogind and rshd trust the client's host identity and carry
# the session unencrypted, so the wrapper files are doing all of the
# gatekeeping.
login/tcp log libwrap rshell program /etc/rlogind rlogind
shell/tcp log libwrap rshell program /etc/rshd rshd
# so hosts.allow should have an entry which looks like ...
#   rshell: host1 host2 ... hostN
# and hosts.deny could have an entry which looks like ...
#   rshell: ALL
# NOTE(review): with standard tcpwrappers semantics a client that matches
# neither file is allowed, so the hosts.deny entry is what makes the
# hosts.allow list exclusive - treat it as required, and confirm that
# ninetd's libwrap lookup follows the same rule.

# NOTE(review): telnet has no "restrict", "filter" or "libwrap" option, so
# any address can reach telnetd; "max 50" only caps concurrent servers and
# is not an access control.  telnet sessions, passwords included, cross the
# network in cleartext.
telnet/tcp log max 50 program /etc/telnetd telnetd
# allows only 50 telnet connections at a time.
# talk: only the ntalk port is enabled; the older talk port stays commented
# out.  no "user" option is given, so talkd runs with whatever identity
# ninetd itself has.
#talk/udp log program /etc/talkd talkd
ntalk/udp log program /etc/talkd talkd

#
# internal services
#
# NOTE(review): none of the entries in this group carries a "restrict",
# "filter", "libwrap" or "interface" option, so they answer on every
# interface and to every source address.
#
# NOTE(review): the udp variants of time, daytime, chargen and echo send a
# reply to whatever source address the datagram claims, and that address
# cannot be verified.  these services are a well-known vehicle for
# reflected and amplified floods (chargen in particular returns far more
# data than it receives, and echo/chargen pairs can loop).  unless they are
# needed, comment them out or attach a filter limited to local networks.
# per the handler list udp_discard sends nothing back, so discard/udp is
# not a reflector.
#
# NOTE(review): the time, daytime, discard and chargen entries use
# "stats 60" without "log", so only interval counts reach syslog, not
# individual connections - presumably deliberate to limit log volume;
# confirm.
time/udp stats 60 internal udp_time
time/tcp stats 60 internal tcp_time
daytime/udp stats 60 internal udp_daytime
daytime/tcp stats 60 internal tcp_daytime
discard/udp stats 60 internal udp_discard
discard/tcp stats 60 internal tcp_discard
chargen/udp stats 60 internal udp_chargen
chargen/tcp stats 60 internal tcp_chargen
echo/udp log internal udp_echo
echo/tcp log internal tcp_echo

#
# local additions
#
# track: access is limited by the restrict list in
# /local/etc/restrict/track.  no "user" option is given, so trackd runs
# with whatever identity ninetd itself has - confirm that it needs it.
track/tcp log restrict /local/etc/restrict/track program /local/sbin/track/trackd trackd -inetd

# amanda.
# runs as the unprivileged user "panda".
# NOTE(review): no "restrict", "filter" or "libwrap" option is set, so any
# host filtering is left to amandad itself; consider a filter naming the
# backup server(s).
amanda/udp log user panda program /local/sbin/amandad
#amandaidx/tcp log user panda program /local/sbin/amindexd