Remove Orphan files and unnecessary services from the billing server

> We need to remove [...]

   Why?  Is there some actual problem which you are trying to solve?

> [...] files which have no ownership of user or groups [...]

   I don't know what that means.  I thought that every file has an owner
and a group.

> [...] unnecessary services [...]

   Please define.

> Please advice.

   Don't waste your time by looking for trouble (with no significant
possible benefit)?

>have no ownership of user or groups and unused for long time

You can use find(1) with -nouser or -nogroup to find unowned files.

And "-type f -atime +$(( 365 * 2 ))" for files not accessed in last two years.

>unnecessary services from the systems.

You'll need to look at all the demons running and determine which aren't needed.

Hi Steven,

This is actually required by our IT Audit team.

Thanks

>This is actually required by our IT Audit team.

Then perhaps they can tell you how to do it.

Hi Dennis,

Many thanks for your suggestions.

Please find below services running on our production billing system. Can you please suggest which sevices are not using by OS.

#
tcpmux 1/tcp # TCP port multiplexer (RFC 1078)
echo 7/tcp # Echo
echo 7/udp #
discard 9/tcp sink null # Discard
discard 9/udp sink null #
systat 11/tcp users # Active Users
daytime 13/tcp # Daytime
daytime 13/udp #
qotd 17/tcp quote # Quote of the Day
chargen 19/tcp ttytst source # Character Generator
chargen 19/udp ttytst source #
ftp-data 20/tcp # File Transfer Protocol (Data)
ftp 21/tcp # File Transfer Protocol (Control)
telnet 23/tcp # Virtual Terminal Protocol
smtp 25/tcp # Simple Mail Transfer Protocol
time 37/tcp timeserver # Time
time 37/udp timeserver #
rlp 39/udp resource # Resource Location Protocol
whois 43/tcp nicname # Who Is
domain 53/tcp nameserver # Domain Name Service
domain 53/udp nameserver #
bootps 67/udp # Bootstrap Protocol Server
bootpc 68/udp # Bootstrap Protocol Client
tftp 69/udp # Trivial File Transfer Protocol
rje 77/tcp netrjs # private RJE Service
finger 79/tcp # Finger
http 80/tcp www # World Wide Web HTTP
http 80/udp www # World Wide Web HTTP
link 87/tcp ttylink # private terminal link
supdup 95/tcp #
hostnames 101/tcp hostname # NIC Host Name Server
tsap 102/tcp iso_tsap iso-tsap # ISO TSAP (part of ISODE)
pop 109/tcp postoffice pop2 # Post Office Protocol - Version 2
pop3 110/tcp pop-3 # Post Office Protocol - Version 3
portmap 111/tcp sunrpc # SUN Remote Procedure Call
portmap 111/udp sunrpc #
auth 113/tcp authentication ident # Authentication Service
sftp 115/tcp # Simple File Transfer Protocol
uucp-path 117/tcp # UUCP Path Service
nntp 119/tcp readnews untp # Network News Transfer Protocol
ntp 123/udp # Network Time Protocol
netbios_ns 137/tcp # NetBIOS Name Service
netbios_ns 137/udp #
netbios_dgm 138/tcp # NetBIOS Datagram Service
netbios_dgm 138/udp #
netbios_ssn 139/tcp # NetBIOS Session Service
netbios_ssn 139/udp #
bftp 152/tcp # Background File Transfer Protocol
snmp 161/udp snmpd # Simple Network Management Protocol Agent
snmp-trap 162/udp trapd # Simple Network Management Protocol Traps
xdmcp 177/tcp # X Display Manager Control Protocol
xdmcp 177/udp # X Display Manager Control Protocol
bgp 179/tcp # Border Gateway Protocol
# PV performance tool services entries
pvserver 382/tcp # PV server
ovbbccb 383/tcp # OV Communication Broker
svrloc 427/tcp # Server Location
svrloc 427/udp # Server Location
# Ports for IPSec
isakmp 500/tcp isakmp # IPSec Key Management (ISAKMP)
isakmp 500/udp isakmp # IPSec Key Management (ISAKMP)
#
# UNIX services
#
biff 512/udp comsat # mail notification
exec 512/tcp # remote execution, passwd required
login 513/tcp # remote login
who 513/udp whod # remote who and uptime
shell 514/tcp cmd # remote command, no passwd used
syslog 514/udp # remote system logging
printer 515/tcp spooler # remote print spooling
talk 517/udp # conversation
ntalk 518/udp # new talk, conversation
route 520/udp router routed # routing information protocol
efs 520/tcp # Extended file name server
timed 525/udp timeserver # remote clock synchronization
tempo 526/tcp newdate #
courier 530/tcp rpc #
conference 531/tcp chat #
netnews 532/tcp readnews #
netwall 533/udp # Emergency broadcasting
uucp 540/tcp uucpd # uucp daemon
dhcpv6-client 546/tcp # DHCPv6 Client
dhcpv6-client 546/udp # DHCPv6 Client
dhcpv6-server 547/tcp # DHCPv6 Server
dhcpv6-server 547/udp # DHCPv6 Server
remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
ingreslock 1524/tcp #
#
# Other HP-UX services
#
lansrm 570/udp # SRM/UX Server
DAServer 987/tcp # SQL distributed access
instl_boots 1067/udp # installation bootstrap protocol server
instl_bootc 1068/udp # installation bootstrap protocol client
nfsd-keepalive 1110/udp # Client status info
nfsd-status 1110/tcp # Cluster status info
msql 1111/tcp # Mini SQL database server
hacl-qs 1238/tcp # HA cluster Quorum Server
hacl-qs 1238/udp # HA cluster Quorum Server
rlb 1260/tcp # remote loopback diagnostic
clvm-cfg 1476/tcp # HA LVM configuration
diagmond 1508/tcp # Diagnostic System Manager
nft 1536/tcp # NS network file transfer
sna-cs 1553/tcp # SNAplus client/server
sna-cs 1553/udp # SNAplus client/server
ncpm-pm 1591/udp # NCPM Policy Manager
ncpm-hip 1683/udp # NCPM Host Information Provider
cvmon 1686/udp # Clusterview cvmon-cvmap communication
registrar 1712/tcp # resource monitoring service
registrar 1712/udp # resource monitoring service
ncpm-ft 1744/udp # NCPM File Transfer
psmond 1788/tcp # Predictive Monitor
psmond 1788/udp # Hardware Predictive Monitor
pmlockd 1889/tcp # SynerVision locking daemon
pmlockd 1889/udp #
nfsd 2049/udp nfs # NFS server daemon (clts)
nfsd 2049/tcp nfs # NFS server daemon (cots)
lockd 4045/udp # NFS lockd daemon/manager for udp
lockd 4045/tcp # NFS lockd daemon/manager for tcp
netdist 2106/tcp # update(1m) network distribution service
cvmmon 2300/tcp # ClusterView Management cluster support
hpidsadmin 2984/tcp # HP-UX Host Intrusion Detection System admin
hpidsadmin 2984/udp # HP-UX Host Intrusion Detection System admin
hpidsagent 2985/tcp # HP-UX Host Intrusion Detection System agent
hpidsagent 2985/udp # HP-UX Host Intrusion Detection System agent
hp-clic 3384/tcp #Cluster Management Services
hp-clic 3384/udp #Hardware Management
hacl-monitor 3542/tcp # HA cluster monitor
hacl-monitor 3542/udp # HA cluster monitor
rfa 4672/tcp # NS remote file access
veesm 4789/tcp # HP VEE service manager
hacl-hb 5300/tcp # High Availability (HA) Cluster heartbeat
hacl-hb 5300/udp # High Availability (HA) Cluster heartbeat
hacl-gs 5301/tcp # HA Cluster General Services
hacl-gs 5301/udp # HA Cluster General Services
hacl-cfg 5302/tcp # HA Cluster TCP configuration
hacl-cfg 5302/udp # HA Cluster UDP configuration
hacl-probe 5303/tcp # HA Cluster TCP probe
hacl-probe 5303/udp # HA Cluster UDP probe
hacl-local 5304/tcp # HA Cluster Commands
hacl-local 5304/udp # HA Cluster Commands
hacl-test 5305/tcp # HA Cluster Test
hacl-dlm 5408/tcp # HA Cluster distributed lock manager
omni 5555/tcp # HP OpenView OmniBack
lanmgrx.osB 5696/tcp # LAN Manager/X for B.00.00 OfficeShare
hcserver 5710/tcp # HP Cooperative Services
wbem-http 5988/tcp # Web-Based Enterprise Management HTTP
wbem-http 5988/udp # Web-Based Enterprise Management HTTP
wbem-https 5989/tcp # Web-Based Enterprise Management HTTPS
wbem-https 5989/udp # Web-Based Enterprise Management HTTPS
grmd 5999/tcp # graphics resource manager
spc 6111/tcp # sub-process control
desmevt 6868/tcp # DE/ Services Monitor, Event Service
pdclientd 6874/tcp # Palladium print client daemon
pdeventd 6875/tcp # Palladium print event daemon
iasqlsvr 7489/tcp # Information Access
recserv 7815/tcp # SharedX Receiver Service
p7_c33upd 8545/tcp #TSD acceSS7 configuration update RPC server
p7_c33 8546/tcp #TSD acceSS7 configuration RPC server
p7_c32 8547/tcp #TSD acceSS7 communications status RPC server
p7_c35 8548/tcp #TSD acceSS7 communications configuration RPC server
p7_g06 8549/tcp #TSD acceSS7 application version registration RPC server
p7_e30 8550/tcp #TSD acceSS7 event manager RPC server
comms_normal 8551/tcp # acceSS7 normal priority messages
comms_high 8552/tcp # acceSS7 high priority messages
c34_main 8553/udp # acceSS7 Inter-Server messages
ftp-ftam 8868/tcp # FTP->FTAM Gateway
mcsemon 9999/tcp # MC/System Environment monitor
console 10000/tcp # MC/System Environment console multiplexor
actcp 31766/tcp # ACT Call Processing Server
SrpSiteDaemon 6178/tcp # acceSS7 Statistics Remote Site query daemon
SrpCentralDaemon 6179/tcp # acceSS7 Statistics Central Server query daemon
erdb_svr 35100/tcp # acceSS7 Statistics Central Database
erdb_bck 35101/tcp # acceSS7 Statistics Database Backup
hp-sco 19410/tcp # HP SCO port number
hp-sco 19410/udp # HP SCO port number
hp-sca 19411/tcp # HP SCA port number
hp-sca 19411/udp # HP SCA port number

#
# Kerberos (Project Athena/MIT) services
#
kerberos5 88/udp kdc # Kerberos 5 kdc
klogin 543/tcp # Kerberos rlogin -kfall
kshell 544/tcp krcmd # Kerberos remote shell -kfall
ekshell 545/tcp krcmd # Kerberos encrypted remote shell -kfall
kerberos 750/udp kdc # Kerberos (server) udp -kfall
kerberos 750/tcp kdc # Kerberos (server) tcp -kfall
kerberos_master 751/tcp kadmin # Kerberos kadmin
krbupdate 760/tcp kreg # Kerberos registration -kfall
kpasswd 761/tcp kpwd # Kerberos "passwd" -kfall
eklogin 2105/tcp # Kerberos encrypted rlogin -kfall
# The X10_LI server for each display listens on ports 5800 + display number.
# The X10_MI server for each display listens on ports 5900 + display number.
# The X11 server for each display listens on ports 6000 + display number.
# The X11 font server listens on port 7000.
# Do NOT associate other services with these ports.
# Refer to the X documentation for details.

hpoms-ci-lstn 5403/tcp #SAP spooler support
hpoms-dps-lstn 5404/tcp #SAP spooler support
samd 3275/tcp # sam daemon

dtspc 6112/tcp #subprocess control
nuekks 6897/tcp # nuekks daemon

swat 901/tcp # SAMBA Web-based Admin Tool
io-dist-data 5728/tcp #Dist. I/O Comm. Service Data and Control
io-dist-group 5728/udp #Dist. I/O Comm. Service Group Membership

Thanks

Hassan

> Please find below services running on our production billing system.

   Not likely.  This looks to me like a /etc/services file, which simply
relates port numbers to service names.  There's no reason to believe
that you're using all of them.  Also, removing entries from
/etc/services does not ensure that those services are not used (so don't
do it).  Owning a telephone directory is not evidence that you call all
the telephone numbers in it, and tearing a page out of a telephone
directory does not stop you from calling the torn-out numbers.

> Can you please suggest which sevices are not using by OS.

   I can't.  With my weak psychic powers, I have no idea what you do
with your system.  Do you know?  Do your "our IT Audit team"?


> Then perhaps they can tell you how to do it.

   I agree.  If your "our IT Audit team" have found a problem, then they
should be able to tell you what that problem is.  If they can't identify
the problem, then they haven't found one.

Hi,

Thanks for your reply.

In the billing system we have got below services running. Can we get help form HP Service Support regarding this? We have active HP support services.

# egrep -v "^#|^$" /etc/inetd.conf |awk '{print $1}'
ftp
/opt/ignite\
/var/opt/ignite
login
shell
exec
ntalk
auth
printer
daytime
daytime
time
echo
echo
discard
discard
chargen
chargen
kshell
klogin
recserv
dtspc
rpc
rpc
swat
registrar
instl_boots
hacl-cfg
hacl-cfg
hacl-probe

Thanks

Hassan