HPE Community
Operating System - HP-UX
1753327 Members
4928 Online
108792 Solutions
New Discussion юеВ

Blocking all unsecure login services 11.11

 
SOLVED
Go to solution
Eli_pok
Frequent Advisor

тАО02-09-2010 10:39 PM

тАО02-09-2010 10:39 PM

Blocking all unsecure login services 11.11

Hi,

I need to close all the unsecured login services in a HPUX 11i system (bringing it to the Linux standard).

As I see it unsecured services are the one that send the password in non encrypted way.

The way I know to do so is to comment out the unwanted services in the /etc/inetd.conf file.
Any ideas to do it better will help.

And I need to know what services to block ?
For now I know :
1. telnet
2. kshell
3. shell
4. login
5. rexec
0 Kudos
5 REPLIES 5
Johnson Punniyalingam
Honored Contributor

тАО02-09-2010 10:50 PM

тАО02-09-2010 10:50 PM

Solution

Re: Blocking all unsecure login services 11.11

>>>>The way I know to do so is to comment out the unwanted services in the /etc/inetd.conf file.
Any ideas to do it better will help.<<<<<<

AFAIK -> comment out below mentioned services in the "inetd.conf" is best idea.

>>>And I need to know what services to block ?
For now I know :<<<
1. telnet
2. kshell
3. shell
4. login
5. rexec

Additional services below also can be disabled along with your above mentioned list

ftp,nfs,snmp,nis


Again It depends on your "Security" Standards to follow in your Organisation as advised by your Organisation Auditors
Problems are common to all, but attitude makes the difference
0 Kudos
sarfaraj ahmad
Trusted Contributor

тАО02-10-2010 02:51 AM

тАО02-10-2010 02:51 AM

Re: Blocking all unsecure login services 11.11

please comment above mentioned services in internet daemon configuration file /etc/inetd.conf file and save. as example given below,


# telnet stream tcp nowait root /usr/lbin/telnetd telnetd
# kshell stream tcp nowait root /usr/lbin/remshd remshd -K
# shell stream tcp nowait root /usr/lbin/remshd remshd

# login stream tcp nowait root /usr/lbin/rlogind rlogind
# exec stream tcp nowait root /usr/lbin/rexecd rexecd


finally run the below command to re-read the configuration file (/etc/inetd.conf) which will apply the changes immediately.

# inetd -c


thanks.
0 Kudos
Sachin Kumbla
Frequent Advisor

тАО02-10-2010 03:40 AM

тАО02-10-2010 03:40 AM

Re: Blocking all unsecure login services 11.11

hi

you can block
echo
dischargen
tftp -reqd for ignite-ux
telnet
daytime
ident/auth -reqd for cluster


The best practice is hash out in the inetd.conf file & also you can hash in the /etc/services file.


Note:All the services differ from organization to organization as per their requirement.
0 Kudos
Steven Schweda
Honored Contributor

тАО02-10-2010 07:16 AM

тАО02-10-2010 07:16 AM

Re: Blocking all unsecure login services 11.11

> [...] & also you can hash in the
> /etc/services file.

But it may not stop the services, and it may
cause other problems.

PLEASE leave "/etc/services" alone (unless
you really need to add or change something in
it).

PLEASE stop advising people to edit
"/etc/services" to disable network services.
0 Kudos
Eli_pok
Frequent Advisor

тАО02-13-2010 10:10 PM

тАО02-13-2010 10:10 PM

Re: Blocking all unsecure login services 11.11

Thanks.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.