i.inetdconf revision 3361618b69459cc57ec852687200c4c3550ca822
#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
PATH="/usr/bin:/usr/sbin:${PATH}"
export PATH
# inetd_fini : clean up temp files
inetd_fini() {
rm -f -- $inetsed $inettmp $inetsedhdr
return 0
}
# inetd_undo : restore original file in case of failure
inetd_undo() {
cat $inetold > $inetconf
inetd_fini
}
# inetd_remove : remove daemons specified as arguments by removing
# lines from inetd.conf that match the regular
# expressions provided on stdin (one per line)
# original file is restored and script exits on failure
inetd_remove() {
sed -e 's:/:\\/:g' -e 's:.*:/&/ d:' >> $inetsed
if [ $? -ne 0 ]; then
echo "Unable to append to $inetsed"
inetd_undo
exit 1
fi
return 0
}
# We start by building the giant sed script used to clean out the old
# bundled entries. Broken up into bite-size sections for easier maintenance
# Location for scripts
inetsed=/tmp/inetd.sed.$$
inetsedhdr=/tmp/inetd.sedhdr.$$
# The header editing is built separately so that we only apply it when needed
cat >$inetsedhdr <<EOF
/^# Copyright .* Sun Microsystems/d
/^# Use is subject to license terms/d
EOF
# Remove the traditional introductory comments
inetd_remove intro_comment <<EOF
^# Configuration file for inetd(1M). See inetd.conf(4).
^# To re-configure the running inetd process, edit this file, then
^# send the inetd process a SIGHUP.
^# Syntax for socket-based Internet services:
^# <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
^# Syntax for TLI-based Internet services:
^# <service_name> tli <proto> <flags> <user> <server_pathname> <args>
EOF
# Remove the RPC syntax comments
inetd_remove rpc_comments <<EOF
^# RPC services syntax:
^# <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user>
^# <pathname> <args>
^# <endpoint-type> can be either "tli" or "stream" or "dgram".
^# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
^# <proto> can be either
^# first treated as a nettype. If it is not a valid nettype then it is
^# treated as a netid
^# transports supported by this system, ie. it equates to the "visible"
^# nettype. The syntax for <proto> is:
^#.*<nettype|netid>
^# For example:
^# dummy/1 tli rpc/circuit_v,udp
EOF
# Remove the IPv6 comment which appeared starting in Solaris 8
inetd_remove ipv6_comment <<EOF
^# IPv6 and inetd.conf
^# By specifying a <proto> value of tcp6 or udp6 for a service, inetd will
^# pass the given daemon an AF_INET6 socket. The following daemons have
^# been modified to be able to accept AF_INET6 sockets
^# ftp telnet shell login exec tftp finger printer
^# and service connection requests coming from either IPv4 or IPv6-based
^# transports. Such modified services do not normally require separate
^# configuration lines for tcp or udp. For documentation on how to do this
^# for other services, see the Solaris System Administration Guide.
^# You must verify that a service supports IPv6 before specifying <proto> as
^# tcp6 or udp6. Also, all inetd built-in commands (time, echo, discard,
^# daytime, chargen) require the specification of <proto> as tcp6 or udp6
^# The remote shell server (shell) and the remote execution server
^# (exec) must have an entry for both the "tcp" and "tcp6" <proto> values.
EOF
# Remove entries in inetd.conf for r* deamons
# This also removes the old SEAM unbundled versions of these services
inetd_remove in.rshd in.rlogind in.rexecd in.comsat in.talkd in.fingerd rpc.statd rpc.rusersd rpc.rwalld rpc.sprayd systat netstat <<EOF
^[# ]*shell[ ]*stream
^[# ]*kshell[ ]*stream
^[# ]*login[ ]*stream
^[# ]*klogin[ ]*stream
^[# ]*eklogin[ ]*stream
^[# ]*exec[ ]*stream
^[# ]*comsat[ ]*dgram
^[# ]*talk[ ]*dgram
^[# ]*finger[ ]*stream
^[# ]*rstatd/2-4
^[# ]*rusersd/2-3
^[# ]*walld/1
^[# ]*sprayd/1
^[# ]*systat[ ]*stream
^[# ]*netstat[ ]*stream
^# RSHD
^# RLOGIND
^# REXECD
^# COMSATD
^# TALKD
^# FINGERD
^# RSTATD
^# RUSERSD
^# RWALLD
^# SPRAYD
^# Shell, login, exec, comsat and talk are BSD protocols
^# The spray server is used primarily for testing.
^# The rwall server allows others to post messages to users
^# Rstatd is used by programs such as perfmeter
^#[ ]*.note: Kerberos does not yet support ipv6
^# Finger, systat and netstat give out user information which may be
^# valuable to potential "system crackers." Many sites choose to disable
^# some or all of these services to improve security.
^# The rusers service gives out user information. Sites concerned
^# with security may choose to disable it.
EOF
# Remove entries in inetd.conf for common network service deamons
inetd_remove time daytime echo discard chargen <<EOF
^[# ]*time[ ]*stream
^[# ]*time[ ]*dgram
^[# ]*daytime[ ]*stream
^[# ]*daytime[ ]*dgram
^[# ]*echo[ ]*stream
^[# ]*echo[ ]*dgram
^[# ]*discard[ ]*stream
^[# ]*discard[ ]*dgram
^[# ]*chargen[ ]*stream
^[# ]*chargen[ ]*dgram
^# Time service is used for clock synchronization.
^# Echo, discard, daytime, and chargen are used primarily for testing.
^# Daytime provides a legible form of date and time.
^# Echo is used primarily for testing.
^# Discard is used primarily for testing.
^# Chargen is used primarily for testing.
EOF
# Remove entry in inetd.conf for smserverd daemon
inetd_remove rpc.smserverd <<EOF
^[# ]*100155/1
^# smserverd
EOF
# Remove entry in inetd.conf for telnetd
# Also removes the old SEAM version
inetd_remove in.telnetd <<EOF
^[# ]*telnet[ ]*stream
^[# ]*telnet.*/usr/krb5/lib/telnetd
^# TELNETD
^# Ftp and telnet are standard Internet services.
EOF
# Remove entry in inetd.conf for in.tnamed
inetd_remove in.tnamed <<EOF
^[# ]*name[ ]*dgram
^# TNAMED
^# Tnamed serves the obsolete IEN-116 name server protocol.
EOF
# Remove entry in inetd.conf for printer daemon
inetd_remove in.lpd <<EOF
^[# ]*printer[ ]*stream
^# LPD
^# Print Protocol Adaptor - BSD listener
EOF
# Remove entry in inetd.conf for ocfserv daemon
inetd_remove ocfserv <<EOF
^[# ]*100150/1
^# OCFSERV
^# OCF (Smart card) Daemon
EOF
# Remove entry in inetd.conf for rpc.rexd
inetd_remove rpc.rexd <<EOF
^[# ]*rexd/1
^# REXD
^# The rexd server provides only minimal authentication
EOF
# Remove entry in inetd.conf for rquotad
inetd_remove rquotad <<EOF
^[# ]*rquotad/1
^# RQUOTAD
^# Rquotad supports UFS disk quotas for NFS clients
EOF
# Remove entries in inetd.conf for SLVM daemons
inetd_remove rpc.metad rpc.metamhd rpc.metamedd <<EOF
^[# ]*100229/1
^[# ]*100230/1
^[# ]*100242/1
^# METAD
^# METAMHD
^# METAMEDD
^# SLVM Daemons
EOF
# Remove entry in inetd.conf for ktkt_warnd daemon
inetd_remove ktkt_warnd <<EOF
^[# ]*100134/1
^# KTKT_WARND
^# Kerberos V5 Warning Message Daemon
EOF
# Remove entries in inetd.conf for kpropd
inetd_remove kpropd << EOF
^[# ]*krb5_prop[ ]*stream
^# Kerberos V5 DB Propagation Daemon
EOF
# Remove entry in inetd.conf for GSS daemon
inetd_remove gssd <<EOF
^[# ]*100234/1
^# GSSD
^# GSS Daemon
EOF
# Remove entry in inetd.conf for ftp daemon
# Also removes the old SEAM entry
inetd_remove in.ftpd <<EOF
^[# ]*ftp[ ]*stream
^[# ]*ftp.*/usr/krb5/lib/ftpd
^# FTPD
^# Ftp and telnet are standard Internet services.
EOF
# Remove dr_daemon entry if it is present.
inetd_remove dr_daemon <<EOF
^[# ]*300326/4[ ]*tli
EOF
# Remove the DCS entries from /etc/inetd.conf.
inetd_remove dcs <<EOF
^[# ]*sun-dr[ ]*stream
EOF
# Remove entry in inetd.conf for uucp daemon
inetd_remove in.uucpd <<EOF
^[# ]*uucp[ ]*stream
^# UUCPD
^# Must run as root
EOF
# Not yet converted
# Remove cachefsd
#inetd_remove cachefsd <<EOF
#^[# ]*100235/1[ ]*tli
#^# CacheFS Daemon
#EOF
# Remove font server
inetd_remove fs <<EOF
^[# ]*fs[ ]*stream
^# Sun Font Server
EOF
# Remove nfsmapid
# Only appears in Solaris 10
inetd_remove nfsmapid <<EOF
^[# ]*100166/1
^# NFSv4
EOF
# Remove stfsloader
inetd_remove stfsloader <<EOF
^[# ]*100424/1
^# Standard Type Services Framework
EOF
# Things below here don't appear after Solaris 9
# Remove KCMS
inetd_remove kcms_server <<EOF
^[# ]*100221/1[ ]*tli
^# Sun KCMS Profile Server
EOF
# Remove sadmind
inetd_remove sadmind <<EOF
^[# ]*100232/10[ ]*tli
^# Solstice system
EOF
# Things below here don't appear after Solaris 8
# Remove ufsd
inetd_remove ufsd <<EOF
^[# ]*ufsd/1[ ]*tli
^# UFS-aware service daemon
EOF
# Remove amiserv
inetd_remove amiserv <<EOF
^[# ]*100146/1[ ]*tli
^[# ]*100147/1[ ]*tli
^# AMI Daemon
EOF
# Things below here don't appear after Solaris 7
# Remove kerbd
inetd_remove kerbd <<EOF
^[# ]*kerbd/4[ ]*tli
^# Kerbd Daemon
EOF
# Things below here don't appear after Solaris 2.6
# Remove xaudio
inetd_remove xaudio <<EOF
^[# ]*xaudio[ ]*stream
EOF
# Remove CDE rpc services
inetd_remove cde <<EOF
^[# ]*dtspc[ ]*stream
^[# ]*100083/1[ ]*tli
^[# ]*100068/2-[45][ ]*dgram
^# Sun ToolTalk Database Server
EOF
# End of setup, now process the file
while read src dest
do
sedhdr="-f $inetsedhdr"
if [ ! -f $dest ] ; then
# Must be a fresh install, skip the gymnastics
cp $src $dest
else
inetconf=$dest
inetold=$dest.preupgrade
inettmp=/tmp/inetd.tmp.$$
# Save existing file first
cp $dest $inetold
if [ $? -ne 0 ]; then
echo "Unable to create $inetold"
exit 1
fi
# if new header already there, don't strip copyright or prepend
# new header
grep inetconv $inetconf >/dev/null 2>&1 && sedhdr= && src=
# Execute the stored sed script to remove all standard stuff
sed $sedhdr -f $inetsed < $inetconf > $inettmp
if [ $? -ne 0 ]; then
echo "Unable to create $inettmp"
inetd_undo
exit 1
fi
# Now we have just the customer/3rd-party records and comments.
# Stick our new header on the front, and clean up all the
# extraneous blank comment lines left over from above.
cmp -s $inetconf $inettmp
case $? in
0) ;;
1) cat $src $inettmp | nawk '
BEGIN { lastblank = 0 }
/^#[ \t]*$/ {
if (lastblank == 0) {
lastblank = 1
print
}
next
}
{ lastblank = 0; print }
' > $inetconf
if [ $? -ne 0 ]; then
echo "Unable to construct $inetconf"
inetd_undo
exit 1
fi
;;
*) echo "Unable to read $inetconf or $inettmp"
inetd_undo
exit 1
;;
esac
# Set correct permisisons
chmod 0644 $dest
fi
# Add cachefsd if not there
grep "^[# ]*100235/1[ ]" $dest >/dev/null 2>&1 || \
cat >>$dest <<EOF
#
# CacheFS daemon. Provided only as a basis for conversion by inetconv(1M).
#
100235/1 tli rpc/ticotsord wait root /usr/lib/fs/cachefs/cachefsd cachefsd
EOF
done
# Clean up temp files
inetd_fini
exit 0