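#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Reads "src dest" pairs on stdin.  A missing dest is created from src.
# An existing dest is saved as dest.preupgrade, the entries and comments
# matched by the sed script built below are stripped from it, and src is
# placed in front of what remains.  A cachefsd entry is appended when dest
# has none.
#
# The script keeps to Bourne-shell syntax (backticks, no "local"), matching
# the #!/bin/sh interpreter line.
#

PATH="/usr/bin:/usr/sbin:${PATH}"
export PATH

# inetd_fini : clean up temp files
#              Removes the private scratch directory and everything in it.
#              Does nothing when the directory was never created.
inetd_fini() {
	if [ -n "$inetwork" ]; then
		rm -rf -- "$inetwork"
	fi
	return 0
}

# inetd_undo : restore original file in case of failure
#              Only restores when a backup has actually been taken; this
#              function is also reached from inetd_remove, which runs before
#              any file has been chosen, and an empty $inetold would leave
#              cat reading this script's stdin.
inetd_undo() {
	if [ -n "$inetconf" ] && [ -n "$inetold" ] && [ -f "$inetold" ]; then
		cat "$inetold" > "$inetconf"
	fi
	inetd_fini
}

# inetd_remove : remove daemons specified as arguments by removing
#                lines from inetd.conf that match the regular
#                expressions provided on stdin (one per line)
#                original file is restored and script exits on failure
#
#                The arguments are labels only; the function body never
#                reads them.  Each stdin line has its "/" escaped and is
#                turned into a "/regex/ d" command appended to $inetsed.
inetd_remove() {
	sed -e 's:/:\\/:g' -e 's:.*:/&/ d:' >> "$inetsed"
	if [ $? -ne 0 ]; then
		echo "Unable to append to $inetsed"
		inetd_undo
		exit 1
	fi
	return 0
}

# We start by building the giant sed script used to clean out the old
# bundled entries. Broken up into bite-size sections for easier maintenance

# Location for scripts
#
# The scratch files are written with ">" and ">>", so a fixed, guessable
# name directly in /tmp could be pre-created by another local user (for
# example as a symlink) before this script writes to it.  They are kept in
# a private directory instead.  If mktemp is unavailable the fallback uses
# mkdir, which is atomic and fails when the path already exists.
inetwork=`mktemp -d /tmp/inetd.XXXXXX 2>/dev/null`
if [ ! -d "$inetwork" ]; then
	inetwork=/tmp/inetd.$$
	mkdir -m 700 "$inetwork"
	if [ $? -ne 0 ]; then
		echo "Unable to create $inetwork"
		# Not ours: make sure no cleanup path removes it.
		inetwork=
		exit 1
	fi
fi
inetsed=$inetwork/inetd.sed
inetsedhdr=$inetwork/inetd.sedhdr
inettmp=$inetwork/inetd.tmp

# The header editing is built separately so that we only apply it when needed
cat >"$inetsedhdr" <<EOF
/^# Copyright .* Sun Microsystems/d
/^# Use is subject to license terms/d
EOF

# NOTE(review): the patterns below are reproduced exactly as they appear on
# the page, where runs of whitespace look collapsed.  Bracket expressions
# such as "[# ]" and "[ ]" presumably held a space and a tab upstream;
# confirm against the original file before relying on them.

# Remove the traditional introductory comments
inetd_remove intro_comment <<EOF
^# Configuration file for inetd(1M). See inetd.conf(4).
^# To re-configure the running inetd process, edit this file, then
^# send the inetd process a SIGHUP.
^# Syntax for socket-based Internet services:
^# <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
^# Syntax for TLI-based Internet services:
^# <service_name> tli <proto> <flags> <user> <server_pathname> <args>
EOF

# Remove the RPC syntax comments
inetd_remove rpc_comments <<EOF
^# RPC services syntax:
^# <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user>
^# <pathname> <args>
^# <endpoint-type> can be either "tli" or "stream" or "dgram".
^# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
^# <proto> can be either
^# first treated as a nettype. If it is not a valid nettype then it is
^# treated as a netid
^# transports supported by this system, ie. it equates to the "visible"
^# nettype. The syntax for <proto> is:
^#.*<nettype|netid>
^# For example:
^# dummy/1 tli rpc/circuit_v,udp
EOF

# Remove the IPv6 comment which appeared starting in Solaris 8
inetd_remove ipv6_comment <<EOF
^# IPv6 and inetd.conf
^# By specifying a <proto> value of tcp6 or udp6 for a service, inetd will
^# pass the given daemon an AF_INET6 socket. The following daemons have
^# been modified to be able to accept AF_INET6 sockets
^# ftp telnet shell login exec tftp finger printer
^# and service connection requests coming from either IPv4 or IPv6-based
^# transports. Such modified services do not normally require separate
^# configuration lines for tcp or udp. For documentation on how to do this
^# for other services, see the Solaris System Administration Guide.
^# You must verify that a service supports IPv6 before specifying <proto> as
^# tcp6 or udp6. Also, all inetd built-in commands (time, echo, discard,
^# daytime, chargen) require the specification of <proto> as tcp6 or udp6
^# The remote shell server (shell) and the remote execution server
^# (exec) must have an entry for both the "tcp" and "tcp6" <proto> values.
EOF

# Remove entries in inetd.conf for r* daemons
# This also removes the old SEAM unbundled versions of these services
inetd_remove in.rshd in.rlogind in.rexecd in.comsat in.talkd in.fingerd \
    rpc.statd rpc.rusersd rpc.rwalld rpc.sprayd systat netstat <<EOF
^[# ]*shell[ ]*stream
^[# ]*kshell[ ]*stream
^[# ]*login[ ]*stream
^[# ]*klogin[ ]*stream
^[# ]*eklogin[ ]*stream
^[# ]*exec[ ]*stream
^[# ]*comsat[ ]*dgram
^[# ]*talk[ ]*dgram
^[# ]*finger[ ]*stream
^[# ]*rstatd/2-4
^[# ]*rusersd/2-3
^[# ]*walld/1
^[# ]*sprayd/1
^[# ]*systat[ ]*stream
^[# ]*netstat[ ]*stream
^# RSHD
^# RLOGIND
^# REXECD
^# COMSATD
^# TALKD
^# FINGERD
^# RSTATD
^# RUSERSD
^# RWALLD
^# SPRAYD
^# Shell, login, exec, comsat and talk are BSD protocols
^# The spray server is used primarily for testing.
^# The rwall server allows others to post messages to users
^# Rstatd is used by programs such as perfmeter
^#[ ]*.note: Kerberos does not yet support ipv6
^# Finger, systat and netstat give out user information which may be
^# valuable to potential "system crackers." Many sites choose to disable
^# some or all of these services to improve security.
^# The rusers service gives out user information. Sites concerned
^# with security may choose to disable it.
EOF

# Remove entries in inetd.conf for common network service daemons
inetd_remove time daytime echo discard chargen <<EOF
^[# ]*time[ ]*stream
^[# ]*time[ ]*dgram
^[# ]*daytime[ ]*stream
^[# ]*daytime[ ]*dgram
^[# ]*echo[ ]*stream
^[# ]*echo[ ]*dgram
^[# ]*discard[ ]*stream
^[# ]*discard[ ]*dgram
^[# ]*chargen[ ]*stream
^[# ]*chargen[ ]*dgram
^# Time service is used for clock synchronization.
^# Echo, discard, daytime, and chargen are used primarily for testing.
^# Daytime provides a legible form of date and time.
^# Echo is used primarily for testing.
^# Discard is used primarily for testing.
^# Chargen is used primarily for testing.
EOF

# Remove entry in inetd.conf for smserverd daemon
inetd_remove rpc.smserverd <<EOF
^[# ]*100155/1
^# smserverd
EOF

# Remove entry in inetd.conf for telnetd
# Also removes the old SEAM version
inetd_remove in.telnetd <<EOF
^[# ]*telnet[ ]*stream
^[# ]*telnet.*/usr/krb5/lib/telnetd
^# TELNETD
^# Ftp and telnet are standard Internet services.
EOF

# Remove entry in inetd.conf for in.tnamed
inetd_remove in.tnamed <<EOF
^[# ]*name[ ]*dgram
^# TNAMED
^# Tnamed serves the obsolete IEN-116 name server protocol.
EOF

# Remove entry in inetd.conf for printer daemon
inetd_remove in.lpd <<EOF
^[# ]*printer[ ]*stream
^# LPD
^# Print Protocol Adaptor - BSD listener
EOF

# Remove entry in inetd.conf for ocfserv daemon
inetd_remove ocfserv <<EOF
^[# ]*100150/1
^# OCFSERV
^# OCF (Smart card) Daemon
EOF

# Remove entry in inetd.conf for rpc.rexd
inetd_remove rpc.rexd <<EOF
^[# ]*rexd/1
^# REXD
^# The rexd server provides only minimal authentication
EOF

# Remove entry in inetd.conf for rquotad
inetd_remove rquotad <<EOF
^[# ]*rquotad/1
^# RQUOTAD
^# Rquotad supports UFS disk quotas for NFS clients
EOF

# Remove entries in inetd.conf for SLVM daemons
inetd_remove rpc.metad rpc.metamhd rpc.metamedd <<EOF
^[# ]*100229/1
^[# ]*100230/1
^[# ]*100242/1
^# METAD
^# METAMHD
^# METAMEDD
^# SLVM Daemons
EOF

# Remove entry in inetd.conf for ktkt_warnd daemon
inetd_remove ktkt_warnd <<EOF
^[# ]*100134/1
^# KTKT_WARND
^# Kerberos V5 Warning Message Daemon
EOF

# Remove entries in inetd.conf for kpropd
inetd_remove kpropd << EOF
^[# ]*krb5_prop[ ]*stream
^# Kerberos V5 DB Propagation Daemon
EOF

# Remove entry in inetd.conf for GSS daemon
inetd_remove gssd <<EOF
^[# ]*100234/1
^# GSSD
^# GSS Daemon
EOF

# Remove entry in inetd.conf for ftp daemon
# Also removes the old SEAM entry
inetd_remove in.ftpd <<EOF
^[# ]*ftp[ ]*stream
^[# ]*ftp.*/usr/krb5/lib/ftpd
^# FTPD
^# Ftp and telnet are standard Internet services.
EOF

# Remove dr_daemon entry if it is present.
inetd_remove dr_daemon <<EOF
^[# ]*300326/4[ ]*tli
EOF

# Remove the DCS entries from /etc/inetd.conf.
inetd_remove dcs <<EOF
^[# ]*sun-dr[ ]*stream
EOF

# Remove entry in inetd.conf for uucp daemon
inetd_remove in.uucpd <<EOF
^[# ]*uucp[ ]*stream
^# UUCPD
^# Must run as root
EOF

# Not yet converted
# Remove cachefsd
#inetd_remove cachefsd <<EOF
#^[# ]*100235/1[ ]*tli
#^# CacheFS Daemon
#EOF

# Remove font server
inetd_remove fs <<EOF
^[# ]*fs[ ]*stream
^# Sun Font Server
EOF

# Remove nfsmapid
# Only appears in Solaris 10
inetd_remove nfsmapid <<EOF
^[# ]*100166/1
^# NFSv4
EOF

# Remove stfsloader
inetd_remove stfsloader <<EOF
^[# ]*100424/1
^# Standard Type Services Framework
EOF

# Things below here don't appear after Solaris 9

# Remove KCMS
inetd_remove kcms_server <<EOF
^[# ]*100221/1[ ]*tli
^# Sun KCMS Profile Server
EOF

# Remove sadmind
inetd_remove sadmind <<EOF
^[# ]*100232/10[ ]*tli
^# Solstice system
EOF

# Things below here don't appear after Solaris 8

# Remove ufsd
inetd_remove ufsd <<EOF
^[# ]*ufsd/1[ ]*tli
^# UFS-aware service daemon
EOF

# Remove amiserv
inetd_remove amiserv <<EOF
^[# ]*100146/1[ ]*tli
^[# ]*100147/1[ ]*tli
^# AMI Daemon
EOF

# Things below here don't appear after Solaris 7

# Remove kerbd
inetd_remove kerbd <<EOF
^[# ]*kerbd/4[ ]*tli
^# Kerbd Daemon
EOF

# Things below here don't appear after Solaris 2.6

# Remove xaudio
inetd_remove xaudio <<EOF
^[# ]*xaudio[ ]*stream
EOF

# Remove CDE rpc services
inetd_remove cde <<EOF
^[# ]*dtspc[ ]*stream
^[# ]*100083/1[ ]*tli
^[# ]*100068/2-[45][ ]*dgram
^# Sun ToolTalk Database Server
EOF

# End of setup, now process the file

while read src dest
do
	# Deliberately expanded unquoted further down: it must split into
	# "-f" and the path, or vanish entirely when cleared.  The path lives
	# in the scratch directory created above and contains no whitespace.
	sedhdr="-f $inetsedhdr"

	if [ ! -f "$dest" ] ; then
		# Must be a fresh install, skip the gymnastics
		cp $src "$dest"
	else
		inetconf=$dest
		inetold=$dest.preupgrade

		# Save existing file first
		cp "$dest" "$inetold"
		if [ $? -ne 0 ]; then
			echo "Unable to create $inetold"
			# Nothing to restore yet, but the scratch files exist.
			inetd_fini
			exit 1
		fi

		# if new header already there, don't strip copyright or prepend
		# new header
		grep inetconv "$inetconf" >/dev/null 2>&1 && sedhdr= && src=

		# Execute the stored sed script to remove all standard stuff
		sed $sedhdr -f "$inetsed" < "$inetconf" > "$inettmp"
		if [ $? -ne 0 ]; then
			echo "Unable to create $inettmp"
			inetd_undo
			exit 1
		fi

		# Now we have just the customer/3rd-party records and comments.
		# Stick our new header on the front, and clean up all the
		# extraneous blank comment lines left over from above.
		cmp -s "$inetconf" "$inettmp"
		case $? in
		0)
			# Nothing was stripped; leave the file as it is.
			;;
		1)
			# $src stays unquoted: when it was cleared above it must
			# expand to no argument at all rather than to "".
			cat $src "$inettmp" | nawk '
			BEGIN { lastblank = 0 }
			/^#[ \t]*$/ {
				if (lastblank == 0) {
					lastblank = 1
					print
				}
				next
			}
			{ lastblank = 0; print }
			' > "$inetconf"
			if [ $? -ne 0 ]; then
				echo "Unable to construct $inetconf"
				inetd_undo
				exit 1
			fi
			;;
		*)
			echo "Unable to read $inetconf or $inettmp"
			inetd_undo
			exit 1
			;;
		esac

		# Set correct permissions
		chmod 0644 "$dest"
	fi

	# Add cachefsd if not there
	grep "^[# ]*100235/1[ ]" "$dest" >/dev/null 2>&1 || \
	cat >>"$dest" <<EOF
#
# CacheFS daemon. Provided only as a basis for conversion by inetconv(1M).
#
100235/1 tli rpc/ticotsord wait root /usr/lib/fs/cachefs/cachefsd cachefsd
EOF
done

# Clean up temp files
inetd_fini

exit 0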