- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: snmp-trap in inetd.sec is not working
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 05:51 PM
тАО04-17-2006 05:51 PM
snmp-trap in inetd.sec is not working
I am trying to block certain ip's that send trapd to our UNix machine (NNM server). i have put the command:
snmp-trap 172.20.10.4,172.20.11.34
in /var/adm/inetd.sec and killed inetd ( inetd -k) and restarted it then i still see thoese traps coming. any thing to do is still missing??
Thanx
sbk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 06:59 PM
тАО04-17-2006 06:59 PM
Re: snmp-trap in inetd.sec is not working
Do you want to deny/allow the addresses from above?
Try
snmp-trap allow 172.20.10.4,172.20.11.34
or
snmp-trap deny 172.20.10.4,172.20.11.34
rgds
HGH
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 07:07 PM
тАО04-17-2006 07:07 PM
Re: snmp-trap in inetd.sec is not working
I have missed the word deny in writing the thread, i ahev actually put:
snmp-trap deny 172.20.10.4,172.20.11.34
and im still getting traps from these ip's. anything more need to be done other than restarting inetd??
Regards
sbk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 08:46 PM
тАО04-17-2006 08:46 PM
Re: snmp-trap in inetd.sec is not working
are you sure the traps are being received by inetd?
I may be wrong, but I'd rather think traps to be received directly by ovtrapd process.
=> the response is thus probably on NNM configuration...
HTH,
antonio.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 09:06 PM
тАО04-17-2006 09:06 PM
Re: snmp-trap in inetd.sec is not working
I suppose all the incoming traffic is passing through the inetd before being processed because the inetd provide a security layer of control. so i dont know if ovtrapd bypass the inetd.sec i need someone with a good experience on that to tell me.
thanx
sbk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 09:47 PM
тАО04-17-2006 09:47 PM
Re: snmp-trap in inetd.sec is not working
You can see what process handles
snmpd-trap ( 162/udp ) with lsof
# lsof -i4udp:162 | grep Idle
the first column of the output shows the "commad" that handles that port.
If it is "inetd" then inetd.sec is used.
Else do a
# ldd "path-to-command"
on the "command" you find in the lsof-output.
If there is a line with "libsec" or "libwrap"
then you may use /etc/hosts.allow. like:
"command : "ip" : allow|deny
rgds
HGH
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2006 10:03 PM
тАО04-17-2006 10:03 PM
Re: snmp-trap in inetd.sec is not working
add to my last post:
the /etc/hosts.allow syntax may differ between hp-ux and e.g. Linux
@hp-ux everything mentioned in /etc/hosts.allow is allowed:
"command" : "ip-list"
you need a /etc/hosts.deny to deny every thing else:
"ALL : ALL "
Confusion perfect?
rgds
HGH