Insecure Service Disablement
Insecure services can be disabled by commenting them out of inetd.conf. The comment character is a hash (#). Consider making a backup copy of inetd.conf before editing. For information on inetd(1M) and inetd.conf(4), consult their respective man pages.
Remove any service not needed for your environment. In particular, remove ftp, telnet, shell, login, and exec. Consider removing echo, discard, daytime, chargen, comsat, and talk services as well. These are normally not needed.
To Disable Insecure Services
Become the superuser.
Edit /etc/inetd.conf and comment out insecure services.
Use the kill(2) command to send the HANGUP signal to inetd(1M).
Ensure that the services have been disabled.
# ps -ef | grep inetd | grep -v grep root 153 1 0 Dec 09 ? 0:02 /usr/sbin/inetd -s # kill -HUP 153
$ telnet localhost Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused $ rsh localhost localhost: Connection refused