HPE Community
Operating System - HP-UX
1753309 Members
6610 Online
108792 Solutions
New Discussion юеВ

Re: snmp-trap in inetd.sec is not working

 
NTC
Regular Advisor

тАО04-17-2006 05:51 PM

тАО04-17-2006 05:51 PM

snmp-trap in inetd.sec is not working

Hi all,
I am trying to block certain ip's that send trapd to our UNix machine (NNM server). i have put the command:
snmp-trap 172.20.10.4,172.20.11.34
in /var/adm/inetd.sec and killed inetd ( inetd -k) and restarted it then i still see thoese traps coming. any thing to do is still missing??
Thanx
sbk
0 Kudos
Reply
6 REPLIES 6
Hemmetter
Esteemed Contributor

тАО04-17-2006 06:59 PM

тАО04-17-2006 06:59 PM

Re: snmp-trap in inetd.sec is not working

HI

Do you want to deny/allow the addresses from above?

Try
snmp-trap allow 172.20.10.4,172.20.11.34
or
snmp-trap deny 172.20.10.4,172.20.11.34

rgds
HGH
0 Kudos
Reply
NTC
Regular Advisor

тАО04-17-2006 07:07 PM

тАО04-17-2006 07:07 PM

Re: snmp-trap in inetd.sec is not working

Thanx Hemmetter,

I have missed the word deny in writing the thread, i ahev actually put:
snmp-trap deny 172.20.10.4,172.20.11.34

and im still getting traps from these ip's. anything more need to be done other than restarting inetd??

Regards
sbk
0 Kudos
Reply
Antonio Cardoso_1
Trusted Contributor

тАО04-17-2006 08:46 PM

тАО04-17-2006 08:46 PM

Re: snmp-trap in inetd.sec is not working

Hi,

are you sure the traps are being received by inetd?
I may be wrong, but I'd rather think traps to be received directly by ovtrapd process.
=> the response is thus probably on NNM configuration...

HTH,
antonio.
0 Kudos
Reply
NTC
Regular Advisor

тАО04-17-2006 09:06 PM

тАО04-17-2006 09:06 PM

Re: snmp-trap in inetd.sec is not working

Hello Antonio,
I suppose all the incoming traffic is passing through the inetd before being processed because the inetd provide a security layer of control. so i dont know if ovtrapd bypass the inetd.sec i need someone with a good experience on that to tell me.

thanx
sbk
0 Kudos
Reply
Hemmetter
Esteemed Contributor

тАО04-17-2006 09:47 PM

тАО04-17-2006 09:47 PM

Re: snmp-trap in inetd.sec is not working

hi

You can see what process handles
snmpd-trap ( 162/udp ) with lsof

# lsof -i4udp:162 | grep Idle

the first column of the output shows the "commad" that handles that port.

If it is "inetd" then inetd.sec is used.
Else do a
# ldd "path-to-command"
on the "command" you find in the lsof-output.
If there is a line with "libsec" or "libwrap"
then you may use /etc/hosts.allow. like:

"command : "ip" : allow|deny


rgds
HGH



0 Kudos
Reply
Hemmetter
Esteemed Contributor

тАО04-17-2006 10:03 PM

тАО04-17-2006 10:03 PM

Re: snmp-trap in inetd.sec is not working

hi again

add to my last post:

the /etc/hosts.allow syntax may differ between hp-ux and e.g. Linux

@hp-ux everything mentioned in /etc/hosts.allow is allowed:
"command" : "ip-list"

you need a /etc/hosts.deny to deny every thing else:
"ALL : ALL "



Confusion perfect?

rgds
HGH


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.