Macintosh OS X Workstation STIG, V1R1
DISA Field Security Operations
15 June 2004
Developed by DISA for the DOD
4. NETWORK SERVICES
Most system services that can be accessed via the network are defined in the inetd.conf file. The
inetd.conf file contains the configuration for the inetd program. The inetd program is a daemon
that listens for network connection requests and services them by spawning another process. If
the requested service is not defined in its configuration file, inetd will refuse to provide the
service. Sites can limit the types of network services provided by commenting out the lines that
define the service in the inetd.conf file. A list of services that are normally commented out is
shown below. In most cases, only telnet, ftp, and other system and application services are
enabled. On all Mac OS X workstations the inetd.conf file will be renamed to noinetaccess.txt
and placed in the /var/adm/ directory. Then a blank inetd.conf file will be put in the place of the
old one. This preserves the original file in case it is needed later for troubleshooting the Mac.
There should be no reason to alter the blank file, but if one is needed the SA and IAO will
document the reasons.
NOTE: When running Mac OS X servers the restrictions for the inetd.conf can be altered to
allow for web services and other network services.
(OSX1026SEC0100: CAT I) The following non-exhaustive list shows potential network services
that are not usually necessary for operations. The IAO will ensure these services are disabled
in the inetd.conf file unless justified and documented with the IAO.
admind, chargen, echo, etherstatd, fingerd, ICQ server, identd, named, netstat, netstatd, nit, nntp,
nsed, nsemntd, pfilt, portd, quaked, rexd, rexecd, rje_mapper, rlogind, rpc_3270, rpc_alias, rpc_database,
rpc_keyserv, rpc_sched, rquotad, rsh, rstatd, rusersd, selectd, serverd, showfhd, sprayd, statmon,
sunlink_mapper, sysstat, talkd, tfsd, tftpd, timed, ttdb, ugidd, uucpd, walld
(OSX1026SVR0044: CAT III) The SA will ensure all network services required for
operations are justified and documented with the IAO.
(OSX1026GEN0107: CAT II) The SA will ensure the inetd.conf file is owned by root or bin.
(OSX1026GEN0108: CAT II) The SA will ensure the inetd.conf file has permissions of 440,
or more restrictive.
(OSX1026SVR0045: CAT III) The SA will ensure inetd logging/tracing is enabled.
UNCLASSIFIED