Soda, do me a favor? Paste the command you used when scanning my server with Nmap, but omit the IP. That way people can see what you did to gather that information.

Closed a few unneeded services that you found via nmap, by editing a few lines in /etc/inetd.conf. Now, correct me if I'm wrong, but the inetd is considered the "super daemon" in that it handles the loading and controls towards the majority of all system daemons running on the system? Regardless, its configuration on which services to load (or which services are loaded by inetd at least) is the /etc/inetd.conf.

Changed:
# chargen dgram udp wait root internal
time stream tcp nowait root internal
time dgram udp wait root internal
#
To comment-out the time service from loading. Ended up like this.

# chargen dgram udp wait root internal
#time stream tcp nowait root internal
#time dgram udp wait root internal
#
To the uninitiated, a # in a configuration file usually means that it is a 'comment line'.

Example:
# The code below performs a binary cmd5 checksum
code code code
blah blah

So basically we just commented out the time service from loading, both on tcp and udp. Also disabled the 'comsat' service, which seems to report the logged in user of incoming mail. Looks like it means incoming system mail versus IMAP or pop, per se. Also, reports are that it is very insecure, so I've disabled it from /etc/inetd.conf by commenting out its UDP line, like I did with the time service. AFAIK, the 'time' service itself is not exploitable due to its limited nature. Can anyone confirm this or find documentation (couldn't find it on a brief Google) of the time service being a security hazard? Granted, even if it isn't, I don't want to run services I won't need.

Also can't find much about the comsat service being insecure, besides people just saying that it is insecure. Any past history you guys have of its insecurities?

A question for everyone though, I left the auth service enabled in inetd.conf because I can't seem to find a straight answer on what it does. It is based on TCP, and the config file says it is an ident service used for net authentication. Authentication for what though? SMTP? HTTP? SSHd? Anyone know what it's for, and if it is something I should disable or not? I won't be disabling it until I know for sure what it does, and what danger it poses to me. I've read a few places that servers like an IRC server would require it for user authentication. Possible that ftp and ssh would require it as well?

Also rebooted the server to reflect inetd configuration changes. Not sure how to restart the inetd daemon safely without just rebooting.

edit: found out how to restart inetd without a complete machine reboot:

1. Find the process number: ps -e | grep inetd
root@tutorial:/etc# ps -e | grep inetd
873 ? 00:00:00 inetd
2. Kill the process number with a HUP signal: kill -HUP 873

Definition: -HUP signal. The HUP syntax for the kill command will tell the process you identified (in this case, process 873) to murder all of its children processes (the processes and services that it created/started). This means it will terminate time, comsat, and everything else it started, but the process you identified will remain intact. After it's killed all the children processes, it re-reads its configuration files and re-opens any log files. Then it spawns a new set of children and continues serving merrily on its way.
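
A way to confirm which inetd.conf entries are still active after edits like the ones in the post above. This is an added example, not part of the original post; the sample file contents (including the comsat and auth server paths) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# inetd.conf fields: service socket-type protocol wait|nowait user server [args]

enabled_services() {
    # $1 = path to an inetd.conf-style file; prints "service/protocol" per active line
    awk '
        /^[ \t]*#/ { next }   # commented-out entry: inetd will not load it
        NF < 6     { next }   # blank or incomplete line
        { print $1 "/" $3 }
    ' "$1" | sort -u
}

flag_services() {
    # $1 = path; remaining args = service names you want to review
    conf=$1; shift
    for svc in "$@"; do
        if enabled_services "$conf" | grep -q "^$svc/"; then
            echo "$svc"
        fi
    done
}

# Constructed sample mirroring the state described in the post:
# time and comsat commented out, auth left enabled.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# chargen dgram udp wait root internal
#time stream tcp nowait root internal
#time dgram udp wait root internal
#comsat dgram udp wait root /usr/sbin/tcpd in.comsat
auth stream tcp wait root /usr/sbin/in.identd in.identd
EOF

echo "Still enabled:"
enabled_services "$SAMPLE"
echo "Still enabled from the review list:"
flag_services "$SAMPLE" chargen time comsat auth
```

On a real system, pass /etc/inetd.conf instead of the sample file, then compare the result with a fresh port scan once inetd has re-read its configuration.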