/etc/hosts.allow, /etc/hosts.deny File protections: the wrapper, all files used by the wrapper, and all directories in the path leading to those files, should be accessible but not writable for unprivileged users (mode 755 or mode 555). Do not install the wrapper set-uid. Then perform the following edits on the /etc/inetd.conf configuration file: finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd becomes: finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd The finger server is used as an example here. Similar changes must be made if xinetd is used, with the emphasis being on calling /usr/sbin/tcpd instead of calling the service daemon directly, and passing the name of the service daemon to tcpd.