- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Disable some daemons on a secure HP-UX server
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2007 09:35 PM
тАО04-16-2007 09:35 PM
For security reasons we have to disable the following daemons or services on a HP-UX B11.23 IA server. What is the best way to do it ?
Thanks and regards
For all you suggestions.
Kaushik
Services/Daemons to be disabled :
bootps
tftp
ftpd
finger
shell
login
rusersd
walld
exec
talk
chargen
comsat
daytime
discard
rexd
sprayd
echo
rlogind
remshd
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2007 09:40 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2007 09:50 PM
тАО04-16-2007 09:50 PM
Re: Disable some daemons on a secure HP-UX server
There are couple of ways.
a) Use Bastille to automate it for you;
b) Edit /etc/inetd.conf and comment
out all of the protocols you listed above.
Then, restart the server or inetd itself...
c) Then, use some audit method to check
the server configuration.
If you trust me, you can use a Perl script
that runs over 200 tests (and now includes
support for HP-UX 11.31 as well):
http://www.circlingcycle.com.au/Unix-sources/HP-UX-check-OAT.pl.txt
It helps me a lot on many servers I work on
for customers every day :)
Of course, there are many other scripts around...
VK2COT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2007 10:38 PM
тАО04-16-2007 10:38 PM
Re: Disable some daemons on a secure HP-UX server
>>
Rename the binaries of respective services
>>
No, this will cause errors and problems.
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA
Requires:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL
Note you can manualy disable many of these services in inetd.conf
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2007 11:51 PM
тАО04-16-2007 11:51 PM
Re: Disable some daemons on a secure HP-UX server
Thank you all for your replies.
I was not aware of "bastille", this is a wonderful tool. I find it very useful for a novice administrator such as myself. However I was not sure ( before starting this thread )that disabling these daemons / services from the inetd.conf was the way to go forward. Thank you all for your very useful suggestions.
Regards
Kaushik