Security Guide 5Enable and disable servicesThe following tables provide a list of the services that can beenabled and disabled from the Xerox FreeFlow Print Server“Setup > Security Profiles” menu options.NOTE: Services list may vary, depending on the product.Table 2-2 “System” tabSystem Service DescriptionAllow_host.equiv_plus Background: The /etc/hosts.equiv and /.rhosts files provide the remoteauthentication database for rlogin, rsh, rcp, and rexec. The filesspecify remote hosts and users that are considered to be trusted.Trusted users are allowed to access the local system withoutsupplying a password. These files can be removed or modified toenhance security. The Xerox FreeFlow Print Server is provided withboth of these files deleted entirely. The setting All_host.equiv_plus isset to disabled, then anytime that security settings are applied, the +will be removed from host.equiv. IMPORTANT NOTE: Removing the +from the hosts.equiv file will prevent the use of the Xerox commandline client print from remote clients. An alternative would be to removethe + and add the name of each trusted host that requires thisfunctionality. Leaving the + will allow a user from any remote host toaccess the system with the same usernameAnonymous FTPBSM Enable or disable the Basic Security Module (BSM) on SolarisExecutable Stacks Some security exploits take advantage of the Solaris OE kernelexecutable system stack to attack the system. Some of these exploitscan be avoided by making the system stack non-executable. Thefollowing lines are added to /etc/system/fP file:setnoexec_user_stack=1set noexec_user_stack_log=1Hide Info BannersMulticast RoutingRemote CDE Logins Deny all remote access (direct/broadcast) to the X server running onthe Xerox FreeFlow Print Server by installing an appropriate /etc/dt/config/Xaccess file.Restrict DFS tabRestrict NFS PortmonRouter Disable router mode by creating an empty the empty file: /etc/notrouter.Secure FilePermissions