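#!/bin/bash
#
# Host hardening: comment out inetd services in /etc/inetd.conf, hide the SysV
# start links (SNNname) under /etc/rc.d/rc*d, then put back a chosen subset.
# Needs root. A reboot is required before the changes take effect.
#
# NOTE(review): this listing was recovered from a page that lost its line
# breaks and some text (apparently everything between a '<' and the next '>').
# Parts rebuilt from what remained are marked "reconstructed" below - confirm
# them against the original script before relying on them.

if [[ "$(id -u)" -ne 0 ]]; then
  echo "this script must be run as root" >&2
  exit 1
fi

#######################################
# Rewrite /etc/inetd.conf through one sed expression, keeping a backup.
# The file is rewritten in place (same inode, owner and mode) so it never
# disappears and never picks up umask-default permissions mid-edit.
# Arguments: $1 - sed expression, $2 - service name to display afterwards
# Outputs:   the lines of the new file that mention the service
# Returns:   1 if the backup or the rewrite failed, else grep's status
#######################################
_inet_rewrite() {
  local expr=$1
  local svc=$2

  rm -f /etc/inetd.conf.bak
  cp -p /etc/inetd.conf /etc/inetd.conf.bak || return 1

  # The recovered text ran sed on /etc/inetd.conf right after moving that
  # file away, with no output file; the redirections are reconstructed.
  if ! sed -e "$expr" /etc/inetd.conf.bak >/etc/inetd.conf; then
    echo "rewrite of /etc/inetd.conf failed, restoring backup" >&2
    cp -p /etc/inetd.conf.bak /etc/inetd.conf
    return 1
  fi

  grep -F -i -- "$svc" /etc/inetd.conf
}

#######################################
# Comment out every inetd.conf line that starts with the given service name.
# The name is placed in a sed regex unescaped, so pass plain service names.
# It is a prefix match: "imap" also covers a longer name such as "imaps".
# Arguments: $1 - service name
#######################################
inet_disable() {
  if [[ -z "${1:-}" ]]; then
    # An empty name would comment out every line of the file.
    echo "inet_disable: service name required" >&2
    return 2
  fi
  _inet_rewrite "s/^$1/#$1/" "$1"
}

#######################################
# Uncomment every inetd.conf line that starts with "#" plus the service name.
# Arguments: $1 - service name
#######################################
inet_enable() {
  if [[ -z "${1:-}" ]]; then
    # An empty name would strip the leading "#" from every commented line,
    # turning all disabled entries back on.
    echo "inet_enable: service name required" >&2
    return 2
  fi
  _inet_rewrite "s/^#$1/$1/" "$1"
}

#######################################
# Hide the start links of one init script: SNNname -> disable.SNNname in each
# /etc/rc.d/rc*d directory. Only S links are touched, K links are left alone.
# The function header was lost in extraction; it is reconstructed from the
# surviving body and from init_enable.
# Arguments: $1 - init script name (the part after SNN)
# Outputs:   one "mv -f ..." line per link renamed
#######################################
init_disable() {
  local rcdir
  local link
  local name

  if [[ -z "${1:-}" ]]; then
    echo "init_disable: init script name required" >&2
    return 2
  fi

  for rcdir in /etc/rc.d/rc*d; do
    for link in "$rcdir"/S[0-9][0-9]"$1"; do
      # An unmatched glob stays literal, so test before renaming.
      [[ -e "$link" ]] || continue
      name=${link##*/}
      echo "mv -f $rcdir/$name $rcdir/disable.$name"
      mv -f -- "$rcdir/$name" "$rcdir/disable.$name"
    done
  done
}

#######################################
# Undo init_disable: disable.SNNname -> SNNname in each /etc/rc.d/rc*d.
# Arguments: $1 - init script name (the part after SNN)
# Outputs:   one "mv -f ..." line per link renamed
#######################################
init_enable() {
  local rcdir
  local link
  local name
  local stripped

  if [[ -z "${1:-}" ]]; then
    echo "init_enable: init script name required" >&2
    return 2
  fi

  for rcdir in /etc/rc.d/rc*d; do
    for link in "$rcdir"/disable.S[0-9][0-9]"$1"; do
      [[ -e "$link" ]] || continue
      name=${link##*/}
      stripped=${name#disable.}
      echo "mv -f $rcdir/$name $rcdir/${stripped}"
      mv -f -- "$rcdir/$name" "$rcdir/${stripped}"
    done
  done
}

if [[ -f /etc/inetd.conf ]]; then
  # Keep the first pristine copy only. Copying unconditionally would replace
  # it with the already-edited file when the script is run a second time.
  if [[ ! -e /etc/inetd.conf.orig ]]; then
    if ! cp -p /etc/inetd.conf /etc/inetd.conf.orig; then
      echo "cannot save /etc/inetd.conf.orig, not editing inetd.conf" >&2
      exit 1
    fi
  fi

  #leftovers
  #inet_disable gopher
  #inet_disable shell
  #inet_disable login

  #
  # first disable all services
  #
  for svc in echo discard daytime chargen ftp telnet gopher smtp nntp \
    shell login exec talk ntalk dtalk pop-2 pop-3 imap uucp finger \
    cfinger systat netstat time auth; do
    inet_disable "$svc"
  done

  #now make sure they are all disabled
  # Any line printed here is a service that is still active. The file name
  # was lost in extraction; /etc/inetd.conf is reconstructed.
  grep '^[a-zA-Z]' /etc/inetd.conf
else
  echo "/etc/inetd.conf not found, skipping inetd services" >&2
fi

for svc in amd cron gpm httpd inet keytable lpd.init mars_nwe named.init \
  network news nfs nfsfs pcmcia portmap random sendmail smb syslog \
  yppasswd ypserv; do
  init_disable "$svc"
done

# Every init_enable below puts a daemon back at boot. inet, httpd, named.init
# and smb are network-facing services; keep only those this host must offer.
#init_enable amd
init_enable cron
init_enable gpm
init_enable httpd
init_enable inet
init_enable keytable
init_enable lpd.init
#init_enable mars_nwe
init_enable named.init
init_enable network
#init_enable news
#init_enable nfs
#init_enable nfsfs
#init_enable pcmcia
#init_enable portmap
#Note Random is good for security
init_enable random
#init_enable sendmail
init_enable smb
init_enable syslog
#init_enable yppasswd
#init_enable ypserv

# in this disabled state, the following processes were running:
# FLAGS UID PID PPID PRI NI SIZE RSS WCHAN STA TTY TIME COMMAND
# 100 0 1 0 3 0 880 340 do_select S ? 0:03 init [3]
# 40 0 2 1 0 0 0 0 bdflush SW ? 0:00 (kflushd)
# 40 0 3 1 -12 -12 0 0 kswapd SW< ? 0:00 (kswapd)
# 40 0 4 1 0 0 0 0 nfsiod SW ? 0:00 (nfsiod)
# 40 0 5 1 0 0 0 0 nfsiod SW ? 0:00 (nfsiod)
# 40 0 6 1 0 0 0 0 nfsiod SW ? 0:00 (nfsiod)
# 40 0 7 1 0 0 0 0 nfsiod SW ? 0:00 (nfsiod)
# 140 0 23 1 2 0 868 308 real_msgrcv S ? 0:00 /sbin/kerneld
#100100 0 61 1 6 0 864 304 read_chan S 2 0:00 /sbin/mingetty tty2
#100100 0 62 1 6 0 864 304 read_chan S 3 0:00 /sbin/mingetty tty3
#100100 0 63 1 6 0 864 304 read_chan S 4 0:00 /sbin/mingetty tty4
#100100 0 64 1 6 0 864 304 read_chan S 5 0:00 /sbin/mingetty tty5
#100100 0 65 1 6 0 864 304 read_chan S 6 0:00 /sbin/mingetty tty6
# 140 0 67 1 8 0 860 284 sigsuspend S ? 0:00 update (bdflush)
#100100 0 68 1 8 0 1016 736 wait4 S 1 0:00 /bin/login -- root
# 100 0 69 68 13 0 1268 720 wait4 S 1 0:00 -bash
#100000 0 82 69 19 0 1020 404 R 1 0:00 ps -axlww
#
# Note that /etc/rc.d/rc.sysinit should have started kerneld. May
# (the sentence above is cut off in the recovered text)

#reboot
echo "changes will not take effect until system is rebooted"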