topic Re: inetd.conf in Operating System - HP-UX

inetd.conf

Pieter_5 — Thu, 17 Jun 2004 02:21:15 GMT

Hi,

I am trying to tighten the security of my HP-boxes. First I want to disable some services in inetd.conf. However some of the services i dont know. Like registrar, dtspc, instl_boots, kshell, klogin, ident, bootps. Can I disable them? What are used for?

Re: inetd.conf

Joseph Loo — Thu, 17 Jun 2004 02:29:07 GMT

hi,

let me first recommend to you Bastille, which allows u to interactively "harden" your server which includes the services in inetd.conf

go to this link to download and also read the white paper first. the white paper addresses some of the questions u have about unwanted services:

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

regards.

Re: inetd.conf

Sanjay Kumar Suri — Thu, 17 Jun 2004 02:32:10 GMT

Check this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=593060

sks

Re: inetd.conf

Sanjay Kumar Suri — Thu, 17 Jun 2004 02:34:48 GMT

Or look at the attachment which has been extracted from the previous post.

sks

Re: inetd.conf

Bharat Katkar — Thu, 17 Jun 2004 03:01:56 GMT

hi,
Will try to explain some of them:

bootps : Bootstrap Protocol Server, used for remote booting the clients systems.

instl_boots : installation bootstrap protocol server

kshell : Kerberos remote shell

klogin : Kerberos encrypted remote login

So if you are not using those you can go ahead and disable them.

Edit /etc/inetd.conf and put hash in front of all these entries and then:
# /usr/sbin/inetd -c
to reread the changed conf file.

Hope that helps.
regards,

Re: inetd.conf

Fabio Ettore — Thu, 17 Jun 2004 03:19:04 GMT

Hi,

http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/5187-2216/5187-2216_top.html&con=/hpux/onlinedocs/5187-2216/00/00/65-con.html&toc=/hpux/onlinedocs/5187-2216/00/00/65-toc.html&searchterms=security&queryid=20040617-020451

This just is a link to direct you to good actions in order to tighten the security of your HP-boxes.

Bastille (as Joseph said) is another very good suggestion.

I would suggest you to follow a document or a procedure to do your system more secure.

Anyway in order to check what those services regard then go on docs.hp.com.
Here an example for dtspc:

http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B1171-90500/B1171-90500_top.html&con=/hpux/onlinedocs/B1171-90500/00/00/28-con.html&toc=/hpux/onlinedocs/B1171-90500/00/00/28-toc.html&searchterms=dtspc&queryid=20040617-020927

dtspc is about remote display console (one for all CDE) on remote systems.

HTH.

Best regards,
Ettore

Re: inetd.conf

R. Sri Ram Kishore_1 — Thu, 17 Jun 2004 04:33:18 GMT

Hi,

Here are the descriptions of some of the services:
a) registrar - Resource Monitoring Service. Part of the resource monitoring subsystem.

b) ident - Authentication Service
This service is used to identify which user owns which services. This service is unnecessary for general system use.
To disable this service, edit the /etc/inetd.conf file to comment out or disable this service, or use SAM to disable
this service.

The other services have already been explained by others.

HTH.
Regards,
Sri Ram