https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137581#M154512 I highly recommend reviewing this document.<BR /><BR /><A href="http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html" target="_blank">http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html</A><BR /><BR />Excellent source of information on ho to secure your HP-UX server. Fri, 05 Dec 2003 14:41:12 GMT James A. Donovan 2003-12-05T14:41:12Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137574#M154505 I had a security audit done on my HP 11.00 server and would like to shut down some ports that are not being used.<BR />I know that you can modify the /etc/inetd.conf file for some but I have some others that I need to shut down...<BR />Where do I do that?<BR /><BR />25 smtp<BR />80 http<BR />111 SunRPC<BR />119 News<BR />135 epmap<BR />512<BR />1080<BR />8080<BR />68 bootpc<BR /><BR /><BR />As well as shut down the smtp server and the snmp service Fri, 05 Dec 2003 12:48:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137574#M154505 Ratzie 2003-12-05T12:48:55Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137575#M154506 Hi<BR /><BR />/etc/services<BR /><BR />Paula Fri, 05 Dec 2003 12:49:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137575#M154506 Paula J Frazer-Campbell 2003-12-05T12:49:55Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137576#M154507 This product might help as well.<BR /><BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA</A><BR /><BR />IPFilter.<BR /><BR />SEP Fri, 05 Dec 2003 12:53:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137576#M154507 Steven E. Protter 2003-12-05T12:53:09Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137577#M154508 /etc/services is the file. Fri, 05 Dec 2003 12:57:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137577#M154508 RAC_1 2003-12-05T12:57:35Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137578#M154509 /etc/services file. We can just put # at the begining of the line for which you don't need <BR /><BR />-USA... Fri, 05 Dec 2003 12:59:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137578#M154509 Uday_S_Ankolekar 2003-12-05T12:59:07Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137579#M154510 Actually, /etc/services is a documentation file and while some programs that open the listed port will not run if the service is not listed, that's not a guarentee. In Unix, unless there is a program that has opened the port (like inetd or httpd) then the port is closed. Now smtp is usually handled by sendmail so kill the sendmail daemon, then edit /etc/rc.config.d/mailservs to not start sendmail upon reboot. For http, unless you have installed a web server like Apache, then the web ports (8080 1080 80) are closed. To turn off NFS port, make sure the file /etc/rc.config.d/nfsconf has all the services set =0. To stop ports like 512 (rexec) and others, edit /etc/inetd.conf and run inetd -c when you are done. Fri, 05 Dec 2003 13:00:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137579#M154510 Bill Hassell 2003-12-05T13:00:59Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137580#M154511 Actually, editing /etc/services might make you feel better but it really does nothing to enhance security. /etc/services only does portname to portnumber mapping to make things a bit easier for us dumb humans but any intruder software is going to bang on the port using the number. You really have to edit /etc/inetd.conf to disable the services and then tell inetd that you have done it by inetd -c. In a few cases editing inetd.conf is not sufficient because the daemon may be started by an /sbin/rcN.d script --- or may even require a manual start.<BR /> Fri, 05 Dec 2003 13:05:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137580#M154511 A. Clay Stephenson 2003-12-05T13:05:06Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137581#M154512 I highly recommend reviewing this document.<BR /><BR /><A href="http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html" target="_blank">http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html</A><BR /><BR />Excellent source of information on ho to secure your HP-UX server. Fri, 05 Dec 2003 14:41:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137581#M154512 James A. Donovan 2003-12-05T14:41:12Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137582#M154513 in addition to add some more security to your box...<BR /><BR />I would highly suggest utilizing /etc/hosts.allow(deny files) similar to what I have done... <BR /><BR />This will DISALLOW ALL SERVICES except what you have defined to be available here for remote access... I strongly recommend it... <BR /><BR />Here is an additional link I found about config and syntax for hosts.allow/deny.<BR /><BR /> <BR /><A href="http://ezine.daemonnews.org/200206/hosts_allow.html" target="_blank">http://ezine.daemonnews.org/200206/hosts_allow.html</A><BR /><BR /><BR /># cat /etc/hosts.allow<BR />#all : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />telnetd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />tftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />logind : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />rlogind : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />sidftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow <BR /><BR /># cat /etc/hosts.deny <BR /># Deny all hosts<BR />ALL : ALL Fri, 05 Dec 2003 15:08:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137582#M154513 Todd McDaniel_1 2003-12-05T15:08:48Z https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137583#M154514 HP-UX Security products and functionalities,<BR /><BR /><A href="http://www.hp.com/products1/unix/operating/security/" target="_blank">http://www.hp.com/products1/unix/operating/security/</A><BR /><BR /><A href="http://downloads.securityfocus.com/library/bastion.html" target="_blank">http://downloads.securityfocus.com/library/bastion.html</A><BR /><BR />-Karthik S S Fri, 05 Dec 2003 16:37:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/shutdown-ports/m-p/3137583#M154514 Karthik S S 2003-12-05T16:37:09Z