https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874510#M279014 <BR /><BR />Ident Service (Potential Bot/Zombie) Detected <BR /><BR /><BR />Check to see if the ident service was started legitimately. If not, or if not required, disable the ident service. Also, scan the host with an updated antivirus scanner for infection.<BR /><BR />what does the Ident Service mean? Also there is no Virus in Unix right?<BR /><BR />Thanks<BR /><BR />Joe Wed, 04 Oct 2006 14:37:37 GMT joe_91 2006-10-04T14:37:37Z https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874510#M279014 <BR /><BR />Ident Service (Potential Bot/Zombie) Detected <BR /><BR /><BR />Check to see if the ident service was started legitimately. If not, or if not required, disable the ident service. Also, scan the host with an updated antivirus scanner for infection.<BR /><BR />what does the Ident Service mean? Also there is no Virus in Unix right?<BR /><BR />Thanks<BR /><BR />Joe Wed, 04 Oct 2006 14:37:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874510#M279014 joe_91 2006-10-04T14:37:37Z https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874511#M279015 I think this is output from some security scanner. Take a look at /etc/inetd.conf - maybe you have ident service running. If you don't need it simply comment that line (with #) and reload inetd (inetd -c).<BR /><BR />regards,<BR />ivan Wed, 04 Oct 2006 14:58:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874511#M279015 Ivan Krastev 2006-10-04T14:58:44Z https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874512#M279016 Joe,<BR /><BR />The ident protocol identifies the username of the current user to a (remote) process. It runs on 113/tcp by default. This is most likely a false positive.<BR /><BR />To disable identd, comment out the appropriate line in /etc/inetd.conf and 'inetd -c'.<BR /><BR />For more information on ident:<BR /><A href="http://en.wikipedia.org/wiki/Ident" target="_blank">http://en.wikipedia.org/wiki/Ident</A><BR /><BR />There are UNIX viruses, but their number is tiny compared to the Windows world.<BR /><BR />PCS Wed, 04 Oct 2006 15:07:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874512#M279016 spex 2006-10-04T15:07:08Z https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874513#M279017 Hi,<BR /><BR />Please comment the following line in /etc/inetd.conf file:<BR /><BR />ident stream tcp wait bin /usr/lbin/identd identd <BR /><BR />and run inetd -c<BR /><BR />Thanks Wed, 04 Oct 2006 16:01:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874513#M279017 john D_3 2006-10-04T16:01:42Z https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874514#M279018 ident is one of the archaic Unix services that are almost never used but like finger and rwho, they provide too much information about your system. Just comment it out and inetd -c re-read the file. Other archaic services:<BR /> <BR />uucp ntalk time daytime echo discard chargen <BR /> Wed, 04 Oct 2006 19:56:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874514#M279018 Bill Hassell 2006-10-04T19:56:20Z https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874515#M279019 The only really popular thing I can think of that (currently) relies on it is ServiceGuard. <BR /><BR /> Thu, 05 Oct 2006 10:32:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-scan/m-p/3874515#M279019 Robert Fritz 2006-10-05T10:32:46Z