telnet. In this example, the test not only tells me that sendmail is running, but it also tells me what version of sendmail is running:
lnx1# telnet 205.153.63.239 25
Trying 205.153.63.239...
Connected to 205.153.63.239.
Escape character is '^]'.
220 bsd4.lander.edu ESMTP Sendmail 8.9.3/8.9.3; Wed, 8 Mar 2000 09:38:02 -0500 (EST)
quit
221 bsd4.lander.edu closing connection
Connection closed by foreign host.
In the same spirit:
bsd1# ipfw list
ipfw: getsockopt(IP_FW_GET): Protocol not available
clearly shows ipfw is not running on this system. All I did was try to use it. This type of application-specific testing is discussed in greater detail in Chapter 10.
2.2 System Configuration Files
A major problem with configuration files under Unix is that there are so many of them in so many places. On a multiuser system that provides a variety of services, there may be scores of configuration
files scattered among dozens of directories. Even worse, it seems that every implementation of Unix is different. Even different releases of the same flavor of Unix may vary. Add to this the complications
that multiple applications contribute and you have a major undertaking. If you are running a number of different platforms, you have your work cut out for you.
For these reasons, it is unrealistic to attempt to give an exhaustive list of configuration files. It is possible, however, to discuss configuration files by categories. The categories can then serve as a
guide or reminder when you construct your own lists so that you don't overlook an important group of files. Just keep in mind that what follows is only a starting point. You will have to discover your
particular implementations of Unix one file at a time.
2.2.1 Basic Configuration Files
There are a number of fairly standard configuration files that seem to show up on most systems. These are usually, but not always, located in the /etc directory. For customization, you may see a number of
files in the /usr/local or /usr/opt directories or their subdirectories. When looking at files, this is clearly the first place to start. Your system will probably include many of the following:
defaultdomain, defaultroute, ethers, gateways, host.conf, hostname, hosts, hosts.allow, hosts.equiv, inetd.conf, localhosts, localnetworks, named.boot, netmasks, networks, nodename, nsswitch.conf,
protocols, rc, rc.conf, rc.local, resolv.conf, and services. You won't find all of these on a single system. Each version and release will have its own conventions. For example, Solaris puts the host's name in
nodename.[3] With BSD, it is set in rc.conf. Customizations may change these as well. Thus, the locations and names of files will vary from system to system.
[3] The hostname may be used in other files as well, so don't try to change the hostname by editing these files. Use the hostname command instead.
One starting point might be to scan all the files in /etc and its subdirectories, trying to identify which ones are relevant. In the long run, you may want to know the role of all the files in /etc, but you don't
need to do this all at once.
There are a few files or groups of files that will be of particular interest. One of the most important is inetd.conf. While we can piece together what is probably being handled by inetd by using ps in
combination with netstat, an examination of inetd.conf is usually much quicker and safer. On an unfamiliar system, this is one of the first places you will want to look. Be sure to compare this to the
output provided by netstat. Services that you can't match to running processes or inetd are a cause for concern.
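One way to make the comparison described above, as an added example that is not from the original text: the function lists every listening port that no enabled inetd.conf entry explains, so each remaining port has to be matched to a daemon shown by ps. The function name, the daemon paths and all sample data are constructed for illustration, and alias names in the services file are not handled.

```shell
#!/bin/sh
# Added example; all sample data is constructed.
# unaccounted_listeners SERVICES INETD_CONF NETSTAT_OUT
# Prints port/proto for each listening socket that no enabled inetd.conf
# entry explains; each one must then be matched to a daemon shown by ps.
unaccounted_listeners() {
    awk '
    FNR == 1 { file++ }
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
    file == 1 {                               # services: name port/proto
        split($2, p, "/"); port[$1 "/" p[2]] = p[1]; next
    }
    file == 2 {                               # inetd.conf: name type proto ...
        proto = $3; sub(/[46]+$/, "", proto); k = $1 "/" proto
        if ($1 ~ /^[0-9]+$/) covered[k] = 1   # service given as a port number
        else if (k in port) covered[port[k] "/" proto] = 1
        next
    }
    $1 ~ /^(tcp|udp)/ {                       # netstat -an socket lines
        proto = $1; sub(/[46]+$/, "", proto)
        if (proto == "tcp" && $NF != "LISTEN") next
        n = split($4, a, "[.:]")              # BSD *.25 or Linux 0.0.0.0:25
        k = a[n] "/" proto
        if (!(k in covered) && !seen[k]++) print k
    }' "$1" "$2" "$3"
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ftp 21/tcp' 'telnet 23/tcp' 'smtp 25/tcp' 'tftp 69/udp' > "$d/services"
    cat > "$d/inetd.conf" <<'EOF'
ftp     stream tcp nowait root   /usr/libexec/ftpd    ftpd -l
#telnet stream tcp nowait root   /usr/libexec/telnetd telnetd
tftp    dgram  udp wait   nobody /usr/libexec/tftpd   tftpd /tftpboot
EOF
    cat > "$d/netstat.out" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address   (state)
tcp4       0      0 *.21            *.*               LISTEN
tcp4       0      0 *.23            *.*               LISTEN
tcp4       0      0 *.25            *.*               LISTEN
tcp4       0      0 192.0.2.10.23   192.0.2.77.1042   ESTABLISHED
udp4       0      0 *.69            *.*
EOF
    unaccounted_listeners "$d/services" "$d/inetd.conf" "$d/netstat.out"
    rm -rf "$d"
}
demo
```

In the sample, 25/tcp is the kind of port a standalone daemon such as sendmail would explain, while 23/tcp is listening even though its inetd.conf entry is commented out, which is the mismatch the text says to worry about.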
You will also want to examine files like host.conf, resolv.conf, and nsswitch.conf to discover how name resolution is done. Be sure to examine files that establish trust relationships like hosts.allow.
This is absolutely essential if you are having, or want to avoid, security problems. There is more on some of these files in the discussion of tcpwrappers in Chapter 11.
Finally, there is one group of these files, the rc files, that deserves particular attention. These are discussed separately in the later section on startup files and scripts.
2.2.2 Configuration Programs