To safeguard against potential security vulnerabilities, limit the number of concurrent processes that are running necessary inetd based services. Also, disable any inetd based service that is not required.
The inetadm command configures all inetd based services. For reference, see the inetadm(8) man page.
inetadm -p lists the default settings of properties that are common to all inetd based services. To configure these properties, use the inetadm -m syntax.
$ inetadm -p NAME=VALUE bind_addr="" bind_fail_max=-1 bind_fail_interval=-1 max_con_rate=-1 max_copies=-1 con_rate_offline=-1 failrate_cnt=40 failrate_interval=60 inherit_env=TRUE tcp_trace=FALSE tcp_wrappers=FALSE connection_backlog=10 tcp_keepalive=FALSE
max_copies controls the number of processes that can run concurrently. The value -1 indicates that the number is unlimited. To set limits to the finger service, for example, you would type the following:
$ inetadm ENABLED STATE FMRI disabled disabled svc:/application/cups/in-lpd:default enabled online svc:/network/finger:default disabled disabled svc:/application/x11/xvnc-inetd:default $ inetadm -m svc:/network/finger:default max_copies=3 $ inetadm -l finger | grep copies max_copies=3