HPE Community
Operating System - HP-UX
1752806 Members
6045 Online
108789 Solutions
New Discussion юеВ

Disable some daemons on a secure HP-UX server

 
SOLVED
Go to solution
kaushikbr
Frequent Advisor

тАО04-16-2007 09:35 PM

тАО04-16-2007 09:35 PM

Disable some daemons on a secure HP-UX server

Hi,

For security reasons we have to disable the following daemons or services on a HP-UX B11.23 IA server. What is the best way to do it ?
Thanks and regards
For all you suggestions.

Kaushik

Services/Daemons to be disabled :
bootps
tftp
ftpd
finger
shell
login
rusersd
walld
exec
talk
chargen
comsat
daytime
discard
rexd
sprayd
echo
rlogind
remshd
0 Kudos
4 REPLIES 4
network_4
Advisor

тАО04-16-2007 09:40 PM

тАО04-16-2007 09:40 PM

Solution

Re: Disable some daemons on a secure HP-UX server

Rename the binaries of respective services
0 Kudos
VK2COT
Honored Contributor

тАО04-16-2007 09:50 PM

тАО04-16-2007 09:50 PM

Re: Disable some daemons on a secure HP-UX server

Hello,

There are couple of ways.

a) Use Bastille to automate it for you;

b) Edit /etc/inetd.conf and comment
out all of the protocols you listed above.

Then, restart the server or inetd itself...

c) Then, use some audit method to check
the server configuration.

If you trust me, you can use a Perl script
that runs over 200 tests (and now includes
support for HP-UX 11.31 as well):

http://www.circlingcycle.com.au/Unix-sources/HP-UX-check-OAT.pl.txt

It helps me a lot on many servers I work on
for customers every day :)

Of course, there are many other scripts around...

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Steven E. Protter
Exalted Contributor

тАО04-16-2007 10:38 PM

тАО04-16-2007 10:38 PM

Re: Disable some daemons on a secure HP-UX server

Shalom,

>>
Rename the binaries of respective services
>>

No, this will cause errors and problems.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

Requires:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL

Note you can manualy disable many of these services in inetd.conf

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
kaushikbr
Frequent Advisor

тАО04-16-2007 11:51 PM

тАО04-16-2007 11:51 PM

Re: Disable some daemons on a secure HP-UX server

Hi,

Thank you all for your replies.

I was not aware of "bastille", this is a wonderful tool. I find it very useful for a novice administrator such as myself. However I was not sure ( before starting this thread )that disabling these daemons / services from the inetd.conf was the way to go forward. Thank you all for your very useful suggestions.


Regards
Kaushik
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.