  # $Id: xinetd 5268 2005-09-08 22:44:11Z sarnold $
# ----------------------------------------------------------------------
#    PROPRIETARY DATA of NOVELL INC.
#    Copyright (c) 2004, NOVELL (All rights reserved)
#
#    This document contains trade secret data which is the property
#    of NOVELL Inc.  This document is submitted to recipient in
#    confidence. Information contained herein may not be used, copied
#    or disclosed in whole or in part except as permitted by written
#    agreement signed by an officer of NOVELL, Inc.
# ----------------------------------------------------------------------


  # programs xinetd is allowed to execute
  /bin/netstat                     px,
  /bin/ps                          ix,
  /sbin/linuxconf                  px,
  /usr/bin/cvs                     px,
  /usr/bin/fam                     px,
  /usr/bin/kotalkd                 px,
  /usr/bin/ktalkd                  px,
  /usr/bin/nrpe                    px,
  /usr/bin/rsync                   px,
  /usr/kerberos/sbin/ftpd          px,
  /usr/kerberos/sbin/klogind       px,
  /usr/kerberos/sbin/kshd          px,
  /usr/kerberos/sbin/telnetd       px,
  /usr/lib/amanda/amandad          px,
  /usr/lib/amanda/amidxtaped       px,
  /usr/lib/amanda/amindexd         px,

  /usr/lib64/cups/daemon/cups-lpd  px,
  /usr/lib/cups/daemon/cups-lpd    px,

  /usr/sbin/dbskkd-cdb             px,
  /usr/sbin/imapd                  px,
  /usr/sbin/in.comsat              px,
  /usr/sbin/in.fingerd             px,
  /usr/sbin/in.ftpd                px,
  /usr/sbin/in.httpd-redir         px,
  /usr/sbin/in.ntalkd              px,
  /usr/sbin/in.rexecd              px,
  /usr/sbin/in.rlogind             px,
  /usr/sbin/in.rshd                px,
  /usr/sbin/in.telnetd             px,
  /usr/sbin/in.tftpd               px,
  /usr/sbin/ipop2d                 px,
  /usr/sbin/ipop3d                 px,
  /usr/sbin/popper                 px,
  /usr/sbin/rsyncd                 px,
  /usr/sbin/swat                   px,
  /usr/sbin/tcpd                   px,
  /usr/sbin/vsftpd                 px,
  /usr/X11R6/bin/vnc_inetd_httpd   px,
  /usr/X11R6/bin/Xvnc              px,


  # some startup thing
  udp_receive to 127.0.0.1 from 127.0.0.1,
  udp_send from 0.0.0.0 to 127.0.0.1,
  # ports xinetd is allowed to bind to (wide open by default)
  tcp_accept to 0.0.0.0:7,
  udp_receive to 0.0.0.0:7,
  tcp_accept to 0.0.0.0:13,
  udp_receive to 0.0.0.0:13,
  tcp_accept to 0.0.0.0:19,
  udp_receive to 0.0.0.0:19,
  tcp_accept to 0.0.0.0:20,
  tcp_accept to 0.0.0.0:21,
  tcp_accept to 0.0.0.0:23,
  tcp_accept to 0.0.0.0:37,
  udp_receive to 0.0.0.0:37,
  tcp_accept to 0.0.0.0:69,
  udp_receive to 0.0.0.0:69,
  tcp_accept to 0.0.0.0:79,
  tcp_accept to 0.0.0.0:109,
  udp_receive to 0.0.0.0:109,
  tcp_accept to 0.0.0.0:110,
  udp_receive to 0.0.0.0:110,
  tcp_accept to 0.0.0.0:143,
  udp_receive to 0.0.0.0:143,
  tcp_accept to 0.0.0.0:220,
  udp_receive to 0.0.0.0:220,
  tcp_accept to 0.0.0.0:873,
  udp_receive to 0.0.0.0:873,
  tcp_accept to 0.0.0.0:992,
  udp_receive to 0.0.0.0:992,
  tcp_accept to 0.0.0.0:993,
  udp_receive to 0.0.0.0:993,
  tcp_accept to 0.0.0.0:995,
  udp_receive to 0.0.0.0:995,
  tcp_accept to 0.0.0.0:512,
  tcp_accept to 0.0.0.0:513,
  tcp_accept to 0.0.0.0:514,
  tcp_accept to 0.0.0.0:515,
  udp_receive to 0.0.0.0:515,
  udp_receive to 0.0.0.0:518,
  tcp_accept to 0.0.0.0:543,
  tcp_accept to 0.0.0.0:544,
  tcp_accept to 0.0.0.0:901,
  tcp_accept to 0.0.0.0:1178,
  tcp_accept to 0.0.0.0:2105,
  tcp_accept to 0.0.0.0:9098,
  tcp_accept to 0.0.0.0:10080,
  udp_receive to 0.0.0.0:10080,
  tcp_accept to 0.0.0.0:10081,
  udp_receive to 0.0.0.0:10081,
  tcp_accept to 0.0.0.0:10082,
  tcp_accept to 0.0.0.0:10083,
  # sadly, RPC ports move around :(
  tcp_accept to 0.0.0.0:32768-33000,
