To safeguard against potential security vulnerabilities, you should configure systems that are running necessary inetd-based services so that the number of concurrent processes is limited. In addition, if a service that is controlled by the inetd daemon is not required, disable that service. See Stopping a Service in Managing System Services in Oracle Solaris 11.3 for instructions.
The inetd daemon is the delegated restarter for Internet services for the Service Management Facility (SMF). Use the inetadm command to display a list of the services that are controlled by inetd:
$ inetadm
ENABLED   STATE          FMRI
disabled  disabled       svc:/application/cups/in-lpd:default
enabled   online         svc:/network/finger:default
disabled  disabled       svc:/application/x11/xvnc-inetd:default
Then, decide on the desired maximum number of concurrent processes for a given service and set allowable limits for that service by using the inetadm command to set the max_copies property for the specified service.
For example, you would limit the finger service to 3 concurrent instances as follows:
# inetadm -m svc:/network/finger:default max_copies=3
Then, verify the change as follows:
$ inetadm -l finger | grep copies
max_copies=3
The -l option displays the current values for all of the properties of a specified service.
Use the -p option to list the properties that are common to all services that are managed by the inetd daemon and their default values.
$ inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=FALSE
tcp_wrappers=FALSE
connection_backlog=10
tcp_keepalive=FALSE
The -1 value for the max_copies property means that by default the number of processes that can run concurrently is not limited.
Use the -m option to modify the value of a property for a specified service. For example, you would limit the number of finger processes that can run concurrently to 5 as follows:
$ inetadm -m svc:/network/finger:default max_copies=5
$ inetadm -l finger | grep copies
max_copies=5
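The following audit script is an added example, not part of the Oracle documentation: it combines the inetadm listing and inetadm -l output shown above to report every enabled inetd service whose max_copies is still -1 (unlimited). The INETADM override variable, the sample_inetadm stand-in, the svc:/network/example:default FMRI, and the leading scope column in the -l output are assumptions made for this example.

```sh
#!/bin/sh
# Report enabled inetd-managed services whose max_copies is still -1 (unlimited).
# INETADM is an override hook added for this example so it can run off-Solaris.
INETADM=${INETADM:-inetadm}

# stdin: `inetadm` listing. stdout: FMRIs whose ENABLED column is "enabled".
enabled_fmris() {
    awk 'NR > 1 && $1 == "enabled" { print $3 }'
}

# stdin: `inetadm -l` output. stdout: the max_copies value.
# Scans every field, so an optional leading scope column (assumed) is tolerated.
max_copies_of() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^max_copies=/) { sub(/^max_copies=/, "", $i); print $i; exit }
    }'
}

# Print the FMRI of each enabled service that has no concurrency limit.
audit_unlimited() {
    $INETADM | enabled_fmris | while read -r fmri; do
        copies=$($INETADM -l "$fmri" </dev/null | max_copies_of)
        if [ "$copies" = "-1" ]; then
            echo "$fmri"
        fi
    done
}

# Constructed stand-in for inetadm (sample data, including a made-up FMRI).
sample_inetadm() {
    if [ "$1" = "-l" ]; then
        case $2 in
            svc:/network/finger:default) echo '         max_copies=3' ;;
            *)                           echo 'default  max_copies=-1' ;;
        esac
    else
        cat <<'EOF'
ENABLED   STATE          FMRI
disabled  disabled       svc:/application/cups/in-lpd:default
enabled   online         svc:/network/finger:default
enabled   online         svc:/network/example:default
disabled  disabled       svc:/application/x11/xvnc-inetd:default
EOF
    fi
}
```

On a Solaris host, source the file and run audit_unlimited; to try it elsewhere, set INETADM=sample_inetadm first. Each FMRI it prints is a candidate for either inetadm -m with a max_copies limit or for being disabled.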
For more information, see the inetadm(1M) man page.