The inetd Services Policy for Linux securely disables inetd and inetd-based services to reduce attack surface.
Considerations:
- After this policy is bound to a device, no action is needed to activate it.
To create an inetd Services Policy:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- Click (+) and select the Linux tab.
- Locate the inetd Services Policy and click configure.
- Under Settings, make the desired selections.
- Ensure chargen services are not enabled.: Select this to disable the chargen service, which responds with 0 to 512 ASCII characters for each connection it receives and is intended for debugging and testing purposes.
- Ensure daytime services are not enabled.: Select this to disable the daytime service, which responds with the server’s current date and time and is intended for debugging and testing purposes.
- Ensure discard services are not enabled.: Select this to disable the discard service, which discards all data it receives and is intended for debugging and testing purposes.
- Ensure echo services are not enabled.: Select this to disable the echo service, which responds to clients with the data sent to it by the client and is intended for debugging and testing purposes.
- Ensure time services are not enabled.: Select this to disable the time service, which responds with the server’s current date and time as a 32-bit integer and is intended for debugging and testing purposes.
- Ensure rsh server is not enabled.: Select this to disable the rsh server package, which contains legacy services with numerous security exposures and has been replaced by the more secure SSH package.
- Ensure talk server is not enabled.: Select this to disable the talk server, which permits users to send and receive messages through a terminal session, and uses unencrypted protocols for communication.
- Ensure telnet server is not enabled.: Select this to disable the telnet server package, which accepts connections from users from other systems via the insecure and unencrypted telnet protocol.
- Ensure tftp server is not enabled.: Select this to disable the Trivial File Transfer Protocol (TFTP), which does not support authentication or ensure data integrity, and is typically used to automatically transfer configuration or boot machines from a boot server.
- Ensure xinetd is not enabled.: Select this to disable the eXtended InterNET Daemon service, which listens for well-known services and dispatches the appropriate daemon to properly respond to service requests.
Back to Top