topic Re: Securing the server in Operating System - HP-UX

Securing the server

Ray Bell — Thu, 12 Jul 2001 13:46:17 GMT

I have a scripts that run on my server every 30 minutes to capature all port not in use. I have ran it for 7 days and now I want to disable the ports that are not being used. I'm not familiar with most of these ports and before I disable the ports, I wanted to know what they do. Is there some documentation I can read that talk about the ports in /etc/services on the HP server. I have over 75 ports listed that are not being used. Please help.... here's the attachment list...

Re: Securing the server

Wim Rombauts — Thu, 12 Jul 2001 14:31:41 GMT

As far as I know, /etc/services is just a translation table and has nothing to do with security.
If you want to secure your server for network connections, you can do the following :
Edit /etc/inetd.conf and set a "#" before every service that you don't want to be active.
Edit /var/adm/inetd.sec to limit access to services that have to be activated to specific systems.
All other network ports are used by processes that run continuously and that you have to start explicitly. If you stop that process, no communication on that port will be possible anymore. Scan your processes and try to find suspicious processes that should be stopped.
And then, there are those ports that you see as used, but shouldn't be used because the user is only sneeking around ...

Re: Securing the server

Ray Bell — Thu, 12 Jul 2001 14:40:22 GMT

I aggree somewhat but how can I scan the server to find out what port I can disable? Also if a port is disable in /etc/service then no matter daemon is running then the prot is not available so the user can get access to my system and this lock down an entry into my server.

Re: Securing the server

Chris Calabrese — Thu, 12 Jul 2001 15:28:44 GMT

This is more complicated than you think. Have a look at http://www.sabernet.net/papers/hp-ux10.html
and http://people.hp.se/stevesk/bastion11.html

Re: Securing the server

MALKI — Fri, 13 Jul 2001 13:47:51 GMT

Sorry I can give any idea on this subject but could you do to me a little favour and give me the script that you have for checking the opens ports on the system.
Thinks

Re: Securing the server

Chris Calabrese — Fri, 13 Jul 2001 16:32:39 GMT

Get a copy of lsof from http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/lsof-4.55/ and then run 'lsof -i'. That will tell you everything about your network listeners.