System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Blocking all unsecure login services 11.11

SOLVED
Go to solution
Eli_pok
Frequent Advisor

Blocking all unsecure login services 11.11

Hi,

I need to close all the unsecured login services in a HPUX 11i system (bringing it to the Linux standard).

As I see it unsecured services are the one that send the password in non encrypted way.

The way I know to do so is to comment out the unwanted services in the /etc/inetd.conf file.
Any ideas to do it better will help.

And I need to know what services to block ?
For now I know :
1. telnet
2. kshell
3. shell
4. login
5. rexec
5 REPLIES
Johnson Punniyalingam
Honored Contributor
Solution

Re: Blocking all unsecure login services 11.11

>>>>The way I know to do so is to comment out the unwanted services in the /etc/inetd.conf file.
Any ideas to do it better will help.<<<<<<

AFAIK -> comment out below mentioned services in the "inetd.conf" is best idea.

>>>And I need to know what services to block ?
For now I know :<<<
1. telnet
2. kshell
3. shell
4. login
5. rexec

Additional services below also can be disabled along with your above mentioned list

ftp,nfs,snmp,nis


Again It depends on your "Security" Standards to follow in your Organisation as advised by your Organisation Auditors
Problems are common to all, but attitude makes the difference
sarfaraj ahmad
Trusted Contributor

Re: Blocking all unsecure login services 11.11

please comment above mentioned services in internet daemon configuration file /etc/inetd.conf file and save. as example given below,


# telnet stream tcp nowait root /usr/lbin/telnetd telnetd
# kshell stream tcp nowait root /usr/lbin/remshd remshd -K
# shell stream tcp nowait root /usr/lbin/remshd remshd

# login stream tcp nowait root /usr/lbin/rlogind rlogind
# exec stream tcp nowait root /usr/lbin/rexecd rexecd


finally run the below command to re-read the configuration file (/etc/inetd.conf) which will apply the changes immediately.

# inetd -c


thanks.
Sachin Kumbla
Frequent Advisor

Re: Blocking all unsecure login services 11.11

hi

you can block
echo
dischargen
tftp -reqd for ignite-ux
telnet
daytime
ident/auth -reqd for cluster


The best practice is hash out in the inetd.conf file & also you can hash in the /etc/services file.


Note:All the services differ from organization to organization as per their requirement.
Steven Schweda
Honored Contributor

Re: Blocking all unsecure login services 11.11

> [...] & also you can hash in the
> /etc/services file.

But it may not stop the services, and it may
cause other problems.

PLEASE leave "/etc/services" alone (unless
you really need to add or change something in
it).

PLEASE stop advising people to edit
"/etc/services" to disable network services.
Eli_pok
Frequent Advisor

Re: Blocking all unsecure login services 11.11

Thanks.