https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558518#M741371 Matthew, <BR /><BR />Best secure configuration for any UNIX system is to have NOTHING in /etc/inetd.conf. Your well-known INET services ftp, telnet, logind, etc.. should be replaced by Secure Shell.<BR /><BR />All of our UNIX servers now have blank inetd.conf configs. We use Secure Shell to replace clear text protocols line telnet, ftp, rlogin, rexec.. etc.<BR /><BR /> Thu, 09 Jun 2005 15:13:56 GMT Alzhy 2005-06-09T15:13:56Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558510#M741363 Can anyone point me to some good resources that detail what services are included in inetd.conf by default and what they do? My company is working to increase our security, and would like to ensure that any uneeded or potentially insecure services included in inetd.conf are stopped from running. Mon, 06 Jun 2005 09:31:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558510#M741363 Matthew Whitaker 2005-06-06T09:31:36Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558511#M741364 <A href="http://docs.hp.com/en/B2355-90685/ch02s04.html" target="_blank">http://docs.hp.com/en/B2355-90685/ch02s04.html</A><BR /><BR />basically search <A href="http://docs.hp.com" target="_blank">http://docs.hp.com</A><BR /><BR />live free or die<BR />harry d brown jr Mon, 06 Jun 2005 09:36:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558511#M741364 harry d brown jr 2005-06-06T09:36:30Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558512#M741365 <A href="http://www.blacksheepnetworks.com/security/resources/hp-ux11.html" target="_blank">http://www.blacksheepnetworks.com/security/resources/hp-ux11.html</A><BR /><BR />live free or die<BR />harry d brown jr Mon, 06 Jun 2005 09:37:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558512#M741365 harry d brown jr 2005-06-06T09:37:58Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558513#M741366 If you are looking into security, i recommend you download and run the Bastille software.<BR /><BR />This software will check various aspects of server security (including inetd) and give recommendations and details information about the services/issues it finds.<BR /><BR />If you run it on one of your test boxes you can get a list of recommendations with details descriptions, which you can cut/paste into a report for your bosses ;)<BR /><BR />Find it on <A href="http://software.hp.com" target="_blank">http://software.hp.com</A> Mon, 06 Jun 2005 09:38:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558513#M741366 Simon Hargrave 2005-06-06T09:38:13Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558514#M741367 Hope this helps: <A href="http://web.tampabay.rr.com/batcave/inetd_conf.htm" target="_blank">http://web.tampabay.rr.com/batcave/inetd_conf.htm</A> Mon, 06 Jun 2005 14:08:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558514#M741367 Doug Burton 2005-06-06T14:08:22Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558515#M741368 Matthew<BR /><BR />Take a look at:<BR /><BR /><A href="http://www.cisecurity.org/" target="_blank">http://www.cisecurity.org/</A><BR /><BR />There is a benchmark tool for HPUX ..<BR /><BR />Regards <BR /><BR />Roger<BR /> Thu, 09 Jun 2005 14:03:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558515#M741368 roger_122 2005-06-09T14:03:36Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558516#M741369 There's actually not much in the stock inetd.conf that should be running. FTP and telnet are insecure and should be disabled. tftp should be off unless it's an Ignite server or boot server for some device that requires the service. bootps should be off unless it's an Ignite server or general purpose Bootp/DHCP server. finger, r-services, uucp, ntalk, ident... all bad or useless and should be disabled. The rlpdaemon service not needed unless it's a print server. Inetd internal services, useless and should be disabled. rpc services are disabled by default, I believe. Kerberized r-services not needed most places and should be disabled. Thu, 09 Jun 2005 14:52:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558516#M741369 Jeff_Traigle 2005-06-09T14:52:10Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558517#M741370 Here is a checklist from cert. I agree with jeff. you'll probably be left with telnet and ftp when your done editing. then you can look at secure shell.<BR /><BR /><A href="http://www.cert.org/tech_tips/usc20_full.html" target="_blank">http://www.cert.org/tech_tips/usc20_full.html</A> Thu, 09 Jun 2005 15:05:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558517#M741370 MZ_1 2005-06-09T15:05:53Z https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558518#M741371 Matthew, <BR /><BR />Best secure configuration for any UNIX system is to have NOTHING in /etc/inetd.conf. Your well-known INET services ftp, telnet, logind, etc.. should be replaced by Secure Shell.<BR /><BR />All of our UNIX servers now have blank inetd.conf configs. We use Secure Shell to replace clear text protocols line telnet, ftp, rlogin, rexec.. etc.<BR /><BR /> Thu, 09 Jun 2005 15:13:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/inetd-security/m-p/3558518#M741371 Alzhy 2005-06-09T15:13:56Z