In inetd section:
- Add some missing tags, and fix some wrong tags
- Some little rewordings/fixes
- Punctuation fixes
parent 04a05699f2
commit c852b6a27a
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=20577
1 changed files with 13 additions and 13 deletions
|
|
@ -6848,7 +6848,7 @@ redirect_port tcp 192.168.0.3:80 80</programlisting>
|
|||
<para><application>inetd</application> is initialized through
|
||||
the <filename>/etc/rc.conf</filename> system. The
|
||||
<literal>inetd_enable</literal> option is set to
|
||||
<quote>NO</quote> by default, but is often times turned on by
|
||||
<literal>NO</literal> by default, but is often times turned on by
|
||||
<application>sysinstall</application> with the medium security
|
||||
profile. Placing:
|
||||
<programlisting>inetd_enable="YES"</programlisting> or
|
||||
|
|
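Review bot: "often times" on the replaced line (<literal>NO</literal> by default, but is often times turned on by) is still awkward; since this commit already touches the line and includes rewordings, write "often" there. The <quote> to <literal> change itself agrees with how the value is written in the inetd_enable="YES" listing a few lines below.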
@ -6956,8 +6956,8 @@ redirect_port tcp 192.168.0.3:80 80</programlisting>
|
|||
appropriate protocol type for each binding is required for
|
||||
each service in <filename>/etc/inetd.conf</filename>. For
|
||||
example, a TCP-based service would need two entries, one
|
||||
using <quote>tcp4</quote> for the protocol and the other using
|
||||
<quote>tcp6</quote>.</para>
|
||||
using <literal>tcp4</literal> for the protocol and the other using
|
||||
<literal>tcp6</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
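Review bot: the sentence ending in <literal>tcp6</literal> says a TCP-based service needs two entries in /etc/inetd.conf but never shows them. A two-line <programlisting> with one tcp4 entry and one tcp6 entry after this paragraph would make the requirement unambiguous. The tag change on the two replaced lines is fine as it stands.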
@ -6975,7 +6975,7 @@ redirect_port tcp 192.168.0.3:80 80</programlisting>
|
|||
<application>inetd</application> using the
|
||||
<literal>inetd_flags</literal> option in
|
||||
<filename>/etc/rc.conf</filename>. By default,
|
||||
<literal>inetd_flags</literal> is set to <quote>-wW</quote>,
|
||||
<literal>inetd_flags</literal> is set to <literal>-wW</literal>,
|
||||
which turns on TCP wrapping for
|
||||
<application>inetd</application>'s internal and external
|
||||
services. For novice users, these parameters usually do not need
|
||||
|
|
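Review bot: -wW on the replaced line is a set of command-line flags, and the rest of this section marks such items with <option> (for example <option>wait|nowait</option>), so <option>-wW</option> would be more consistent than <literal>-wW</literal>. The sentence also says only that the flags turn on TCP wrapping for internal and external services; stating which letter covers which would help anyone who later edits inetd_flags.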
@ -7109,7 +7109,7 @@ server-program-arguments</programlisting>
|
|||
<para><option>wait|nowait</option> indicates whether the
|
||||
daemon invoked from <application>inetd</application> is
|
||||
able to handle its own socket or not.
|
||||
<option>dgram</option> socket types must use the wait
|
||||
<option>dgram</option> socket types must use the <option>wait</option>
|
||||
option, while stream socket daemons, which are usually
|
||||
multi-threaded, should use <option>nowait</option>.
|
||||
<option>wait</option> usually hands off multiple sockets
|
||||
|
|
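Review bot: on the changed line wait is now tagged, but within the same sentence dgram carries <option> while stream ("while stream socket daemons") is left as plain text. Both name socket types, so they should be tagged the same way, either both <literal> or both <option>.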
@ -7142,15 +7142,15 @@ server-program-arguments</programlisting>
|
|||
<para>A stream-type multi-threaded daemon without any
|
||||
<option>max-child</option> or
|
||||
<option>max-connections-per-ip-per-minute</option> limits
|
||||
would simply be: <literal>nowait</literal></para>
|
||||
would simply be: <literal>nowait</literal>.</para>
|
||||
|
||||
<para>The same daemon with a maximum limit of ten daemons
|
||||
would read: <literal>nowait/10</literal></para>
|
||||
would read: <literal>nowait/10</literal>.</para>
|
||||
|
||||
<para>Additionally, the same setup with a limit of twenty
|
||||
connections per IP address per minute and a maximum
|
||||
total limit of ten child daemons would read:
|
||||
<literal>nowait/10/20</literal></para>
|
||||
<literal>nowait/10/20</literal>.</para>
|
||||
|
||||
<para>These options are all utilized by the default
|
||||
settings of the <application>fingerd</application> daemon,
|
||||
|
|
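Review bot: the third example names the limits in the opposite order to the value: the prose gives twenty connections per IP address per minute first and ten child daemons second, while the value reads <literal>nowait/10/20</literal>. Reorder the sentence to follow the fields (max-child, then max-connections-per-ip-per-minute) so a reader does not swap the two numbers. The period added right after each </literal> also renders directly against the value, so a sentence shape where the literal is not the last word would be safer for copy and paste.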
@ -7164,7 +7164,7 @@ server-program-arguments</programlisting>
|
|||
<term>user</term>
|
||||
|
||||
<listitem>
|
||||
<para>The user is the username that the particular daemon
|
||||
<para>This is the username that the particular daemon
|
||||
should run as. Most commonly, daemons run as the
|
||||
<username>root</username> user. For security purposes, it is
|
||||
common to find some servers running as the
|
||||
|
|
@ -7191,10 +7191,10 @@ server-program-arguments</programlisting>
|
|||
<listitem>
|
||||
<para>This works in conjunction with
|
||||
<option>server-program</option> by specifying the
|
||||
arguments, starting with argv[0], passed to the daemon on
|
||||
invocation. If <application>mydaemon -d</application> is
|
||||
arguments, starting with <literal>argv[0]</literal>, passed to the daemon on
|
||||
invocation. If <command>mydaemon -d</command> is
|
||||
the command line, <literal>mydaemon -d</literal> would be
|
||||
the value of <option>server program arguments</option>.
|
||||
the value of <option>server-program-arguments</option>.
|
||||
Again, if the daemon is an internal service, use
|
||||
<option>internal</option> here.</para>
|
||||
</listitem>
|
||||
|
|
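Review bot: the argv[0] line says the arguments start with argv[0], yet the example leaves the reader to infer that the leading mydaemon in <literal>mydaemon -d</literal> is that argv[0] and not a repeat of server-program. One added clause saying that the first word is the program name would prevent entries that omit it. The corrected <option>server-program-arguments</option> now matches the field name shown at the end of the listing, which is an improvement.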
@ -7219,7 +7219,7 @@ server-program-arguments</programlisting>
|
|||
non-existent timeouts for connection attempts. This allows an
|
||||
attacker to slowly send connections to a particular daemon, thus
|
||||
saturating available resources. It may be a good idea to place
|
||||
<option>ip-per-minute</option> and <option>max-child</option>
|
||||
<option>max-connections-per-ip-per-minute</option> and <option>max-child</option>
|
||||
limitations on certain daemons.</para>
|
||||
|
||||
<para>By default, TCP wrapping is turned on. Consult the
|
||||
|
|
|
|||
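Review bot: with the option name corrected, the closing sentence still only says it "may be a good idea" to put limits on "certain daemons" without pointing to how. A reference back to the wait|nowait description, where the <literal>nowait/10/20</literal> form is shown, would tell the reader where these two limits are set. The replaced line is also noticeably longer than its neighbours now and should be re-wrapped.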