Rusty Wright wrote:
> Roy, the following lines are left uncommented in my inetd.conf file;
> all the rest have been commented out.
>
> #
> # Time service is used for clock synchronization.
> #
> time stream tcp6 nowait root internal
> time dgram udp6 wait root internal
> #
> # Echo, discard, daytime, and chargen are used primarily for testing.
> #
> echo stream tcp6 nowait root internal
> echo dgram udp6 wait root internal
> discard stream tcp6 nowait root internal
> discard dgram udp6 wait root internal
> daytime stream tcp6 nowait root internal
> daytime dgram udp6 wait root internal
> chargen stream tcp6 nowait root internal
> chargen dgram udp6 wait root internal
>
> You may also want to turn off the starting of various services by the
> scripts in the /etc/rc*.d directories. I rename the scripts by
> appending zz_ to them to disable them. Here's my list of zz'd files:
>
> # ls rc*.d/zz_*
> rc2.d/zz_S71rpc* rc2.d/zz_S90wbem* rc3.d/zz_S81volmgt*
> rc2.d/zz_S72slpd* rc2.d/zz_S99dtlogin* rc3.d/zz_S84appserv*
> rc2.d/zz_S73nfs.client* rc3.d/zz_S15nfs.server* rc3.d/zz_S90samba*
> rc2.d/zz_S74autofs* rc3.d/zz_S34dhcp* rcS.d/zz_S50devfsadm*
> rc2.d/zz_S74xntpd* rc3.d/zz_S50apache* rcS.d/zz_S95picld*
> rc2.d/zz_S76nscd* rc3.d/zz_S76snmpdx*
> rc2.d/zz_S85power* rc3.d/zz_S77dmi*

I wrote a little C utility to disable lots of stuff on Solaris boxes,
but I haven't touched it in years - I only ported it to Solaris 7 and 8
(and maybe 6 also). If anyone is interested in a copy, let me know.
It isn't very "smart" and I only used it a few times to setup freshly
installed machines with most of the big security holes plugged.
-fjb

--
Fred J. Bourgeois, III FREDNET Corporation
Colorless Green Ideas Sleep Furiously, and so do I....
FREDNET is a registered service mark of FREDNET Corporation, Scotts
Valley, CA.
[E-mail address in header intentionally mangled ... remove "bonzo"
part]