topic Re: IT security forbidden processes in Operating System - HP-UX

IT security forbidden processes

vijay alur alur — Fri, 30 Nov 2012 12:28:28 GMT

Hello All,

We have a list of processes provided by IT Security that are forbidden to be run on HPUX servers. I want to have a close look at it and check if they really needs to be stopped from running OR there are some process that are mandatory from application view point or OS view point.

Below are the processes.

auth
bootps
chargen
discard
dtspc
echo
exec

ntalk
printer
shell
tftp

Re: IT security forbidden processes

Laurent Menase — Fri, 30 Nov 2012 12:53:44 GMT

Hello,

Indeed depends on the application used on that system.

auth -> used by MC/SG, sendmail, but may be configuration may avoid that use
bootps -> if the no other system boot getting config from that system, no need (

so if your system is not an ignite server should not be useful
chargen -> depends on applications , system itself doesn't need it
discard -> depends on applications, system itself doesn't need it, but often useful for test purpose

                   MC/SG packages could use it
dtspc    -> needed if you use DCE
echo     -> depends on application, but usually very useful for test purpose

MC/SG packages could use it
exec

-> no rexec possible, doens't look like to be mandatory

-> no rlogin possible, it is a choice, need to check application don't use it

ntalk

-> ntalk, doesn't looks like to be that useful

printer

-> remote print ,
shell

-> remsh, may be avoided, but may need to check scripts which need to use it ignite? MC/SG?
tftp

-> used with bootp to get the kernel from the server, so if not an ignite server should be ok.

Now all this is just a first quick look, a real assesment should be made.

Re: IT security forbidden processes

Steven Schweda — Fri, 30 Nov 2012 15:04:29 GMT

Re: IT security forbidden processes

vijay alur alur — Sat, 13 Apr 2013 20:58:34 GMT

Thanks for replying!!

Re: IT security forbidden processes

Emil Velez_2 — Sat, 18 May 2013 21:39:59 GMT

all of these are started by inetd

comment out the services in /etc/inetd.cond and execute

inetd -c. to rearead the file