You can double-check that insecure services, such as rlogin and rsh (which are included in the
rsh-server package in Fedora and RHEL systems), are also disabled by making sure that disabled
= yes is set in the /etc/xinetd.d/rlogin and rsh files.
TIP
235
Securing Linux 6
You can make the remote login service active but disable the use of the /etc/host
.equiv and .rhosts files, requiring rlogin to always prompt for a password. Rather
than disabling the service, locate the server line in the rsh file (server = /usr/sbin/in.rshd)
and add a space followed by -L at the end.
You now need to send a signal to the xinetd process to tell it to reload its configuration file. The
quickest way to do that in Fedora and RHEL systems is to reload the xinetd service. As the root
user, type the following from a shell:
# service xinetd reload
Reloading configuration: [ OK ]
You can also tell the xinetd process directly to reread the configuration file by sending it a SIGHUP
signal. That works if you are using the inetd daemon instead (on systems such as Debian or
Slackware) to reread the /etc/inetd.conf file. For example, type this (as root user) to have the
inetd daemon reread the configuration file:
# killall -s SIGHUP inetd
That??™s it??”you have enabled the rsync service.
Pages:
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508