- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Blocking all unsecure login services 11.11
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2010 10:39 PM
тАО02-09-2010 10:39 PM
I need to close all the unsecured login services in a HPUX 11i system (bringing it to the Linux standard).
As I see it unsecured services are the one that send the password in non encrypted way.
The way I know to do so is to comment out the unwanted services in the /etc/inetd.conf file.
Any ideas to do it better will help.
And I need to know what services to block ?
For now I know :
1. telnet
2. kshell
3. shell
4. login
5. rexec
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2010 10:50 PM
тАО02-09-2010 10:50 PM
SolutionAny ideas to do it better will help.<<<<<<
AFAIK -> comment out below mentioned services in the "inetd.conf" is best idea.
>>>And I need to know what services to block ?
For now I know :<<<
1. telnet
2. kshell
3. shell
4. login
5. rexec
Additional services below also can be disabled along with your above mentioned list
ftp,nfs,snmp,nis
Again It depends on your "Security" Standards to follow in your Organisation as advised by your Organisation Auditors
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2010 02:51 AM
тАО02-10-2010 02:51 AM
Re: Blocking all unsecure login services 11.11
# telnet stream tcp nowait root /usr/lbin/telnetd telnetd
# kshell stream tcp nowait root /usr/lbin/remshd remshd -K
# shell stream tcp nowait root /usr/lbin/remshd remshd
# login stream tcp nowait root /usr/lbin/rlogind rlogind
# exec stream tcp nowait root /usr/lbin/rexecd rexecd
finally run the below command to re-read the configuration file (/etc/inetd.conf) which will apply the changes immediately.
# inetd -c
thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2010 03:40 AM
тАО02-10-2010 03:40 AM
Re: Blocking all unsecure login services 11.11
you can block
echo
dischargen
tftp -reqd for ignite-ux
telnet
daytime
ident/auth -reqd for cluster
The best practice is hash out in the inetd.conf file & also you can hash in the /etc/services file.
Note:All the services differ from organization to organization as per their requirement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2010 07:16 AM
тАО02-10-2010 07:16 AM
Re: Blocking all unsecure login services 11.11
> /etc/services file.
But it may not stop the services, and it may
cause other problems.
PLEASE leave "/etc/services" alone (unless
you really need to add or change something in
it).
PLEASE stop advising people to edit
"/etc/services" to disable network services.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-13-2010 10:10 PM
тАО02-13-2010 10:10 PM