Example
B
This is an example of the /etc/ftpusers
file.
#cat /etc/ftpusers
root
daemon
bin
sys
adm
lp
smtp
uucp
nuucp
listen
nobody
noaccess
nobody4
Example
C
This is an example of part of the
/etc/default/login file
#head -12 /etc/default/login
#ident "@(#)login.dfl 1.8
96/10/18 SMI" /* SVr4.0 1.1.1.1
*/
# Set the TZ environment variable
of the shell.
#
#TIMEZONE=EST5EDT
# ULIMIT sets the file size limit
for the login. Units are disk blocks.
# The default of zero means no limit.
#
#ULIMIT=0
# If CONSOLE is set, root can only
login on that device.
# Comment this line out to allow remote
login by root.
#
CONSOLE=/dev/console
Example
D
This is an example of part of
the /etc/inetd.conf file
#head -35 /etc/inetd.conf
#ident "@(#)inetd.conf 1.27
96/09/24 SMI" /* SVr4.0 1.5 */
#
#
# Configuration file for inetd(1M).
See inetd.conf(4).
#
# To re-configure the running inetd
process, edit this file, then
# send the inetd process a SIGHUP.
#
# Syntax for socket-based Internet
services:
# <service_name> <socket_type>
<proto> <flags> <user> <server_pathname> <args>
#
# Syntax for TLI-based Internet services:
#
# <service_name> tli <proto>
<flags> <user> <server_pathname> <args>
#
# Ftp and telnet are standard Internet
services.
#
#ftp stream
tcp nowait root /usr/sbin/in.ftpd
in.ftpd
#telnet stream tcp
nowait root /usr/sbin/in.telnetd
in.telnetd
#
# TCP Wrappers for Telnet and FTP
# Installed 7 June, 1998
#
ftp stream
tcp nowait root /usr/local/bin/tcpd
in.ftpd
telnet stream tcp
nowait root /usr/local/bin/tcpd
in.telnetd
#
# Tnamed serves the obsolete IEN-116
name server protocol.
#
#name dgram
udp wait root
/usr/sbin/in.tnamed in.tnamed
#
# Shell, login, exec, comsat and talk
are BSD protocols.
#
#shell stream
tcp nowait root /usr/sbin/in.rshd
in.rshd
#login stream
tcp nowait root /usr/sbin/in.rlogind
in.rlogind
#exec stream tcp
nowait root /usr/sbin/in.rexecd
in.rexecd
#comsat dgram udp
wait root /usr/sbin/in.comsat
in.comsat
Example
E
This is an example of the /etc/syslog.conf
file NOTE: Do not use the space bar for /etc/syslog.conf,
you must use tabs!
#cat /etc/syslog.conf
#ident "@(#)syslog.conf
1.4 96/10/11 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1993, by Sun
Microsystems, Inc.
#
# syslog configuration file.
#
# This file is processed by m4 so
be careful to quote (`') names
# that match m4 reserved words.
Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice
/dev/console
*.err;kern.debug;mail.crit,daemon.notice
/var/adm/messages
#
# Log all TCP Wrapper connections
#
local3.info
/var/adm/tcpdlog
*.alert;kern.err;daemon.err
operator
*.alert
root
*.emerg *
# if a non-loghost machine chooses
to have authentication messages
# sent to the loghost machine, un-comment
out the following line:
#auth.notice
ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the
following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err
/dev/console
user.err
/var/adm/messages
user.alert
`root, operator'
user.emerg
*
)
Example
F
This is an example of the access control
lists for TCP Wrappers
#cat /etc/hosts.allow
ALL: merlin,zeus,david: ALLOW
#cat /etc/hosts.deny
ALL: ALL
Example
G
This is an example of setting the
TCP initial sequence number generation parameters in the file /etc/default/inetinit
#cat /etc/default/inetint
# @(#)inetinit.dfl 1.2 97/05/08
#
# TCP_STRONG_ISS sets the TCP initial
sequence number generation parameters.
# Set TCP_STRONG_ISS to be:
# 0 = Old-fashioned sequential
initial sequence number generation.
# 1 = Improved sequential
generation, with random variance in increment.
# 2 = RFC 1948 sequence
number generation, unique-per-connection-ID.
#
TCP_STRONG_ISS=2
Example
H
These commands set paramertes
for the IP module, /dev/ip. ndd is the command used to set these
modules. For more information on ndd, see the ndd(1M)
man page.
ndd -set /dev/ip ip_respond_to_echo_broadcast
0
System will
not to ICMP broadcast requests (such as 192.168.1.255)
ndd -set /dev/ip ip_forward_directed_broadcasts
0
System will
not forward (route) ICMP broadcast requests.
ndd -set /dev/ip ip_respond_to_timestamp
0
System will
not respond to timestamp requests.
ndd -set /dev/ip ip_respond_to_timestamp_broadcast
0
System will
not respond to broadcast timestamp requests
ndd -set /dev/ip ip_forward_src_routed
0
System will
not forward (route) ip_source routed packets.
ndd -set /dev/ip ip_ignore_redirect
1
System will
ignore all ICMP redirects.