I came across a book recently that suggested that I disabled inetd or xinetd and run the daemons as their own process due to the possible insecurities of both super servers.

1) Is this viable?
2) How can I go about doing so?

Thank you.

I came across a book recently that suggested that I disabled inetd or xinetd and run the daemons as their own process due to the possible insecurities of both super servers.

1) Is this viable?
Sure. Both of them have had security problems in the past, so having one less internet daemon that can potentially be exploited is a good thing in general (same logic as shutting off un-necessary services). Though xinetd does do some cool things that can be used to improve your systems security. For example you can use hosts.allow/deny without having to depend on the application having it built in, it's ability to restrict access is much more flexible that with iptables, and much more. Plus on low traffic systems, xinetd will reduce the amount of resources consumed in having the indivual daemon processes up and listening for connections.

2) How can I go about doing so?
Turn off xinted. Configure the applications to run as a stand-alone process. On most recent versions of RedHat, only a few daemons run through xinted and these are potentially dangerous to run at all, so turning xinted off is recommended.

Capt_Caveman,

Thank you for the indepth reply. How do I know which daemons use xinetd? Also is it possible to run xinetd but restrict access to it?

You also mentioned that "only a few daemons run through xinted and these are potentially dangerous to run at all", which daemons would these be?

On a Redhat-ish system, you can just use chkconfig --list and it will produce a list of services and their status along with a sub-list at the bottom for xinetd and all the services that are configured to run through xinetd. Probably two of the more dangerous ones are chargen and echo which can be abused in a classic DoS attack.