- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Restricting inetd started service to a specifi...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2009 12:06 AM
тАО09-21-2009 12:06 AM
I need a certain service that is started through inetd to bind itself to only a particular IP address instead of to every available as is the default behaviour.
On Linux boxes which for ages have been using xinetd on nearly every distro it is absolutely easy to achieve by usage of the "bind" directive within the respective service's individual part of xinetd.conf configuration.
Although xinetd as well as tcpwrappers (the latter of which I would assume might also have some sort of optional bind restriction) are part of HP's InternetExpress bundle, unfortunately HP have discontinued availability of this repository for HP-UX 11.11 (does anyone know why?).
Sadly, the service where I need a restricted bind does only offer this when started stand-alone as a comment from its config file states:
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
Well ok, as last resort I could start it stand-alone via init.
But I would prefer (x)inetd because the service is only used by a single client (i.e. my Nagios server) and then at max. only every 5-10 minutes.
Also, it makes adding or modifying of check commands much easier since there is no restart required afterwards as would be the case for the init script variant.
Are there any other solutions for inetd services viable (apart from maybe some host-based packet filter)?
Regards
Ralph
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2009 12:44 AM
тАО09-21-2009 12:44 AM
SolutionPerhaps because they want you to use 11.31?
You do know you have a copy of InternetExpress on your 11.11 installation CDs.
http://www.hp.com/go/internetexpress
Internet Express for HP-UX 11i v1 is available as version A.10.00 in the OE/AR media kit 0803. This is the last release for HP-UX 11i v1 and no new versions are available as a Software Depot download.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2009 04:37 AM
тАО09-21-2009 04:37 AM
Re: Restricting inetd started service to a specific bind address
The difference between a standalone server and a (x)inetd operated server is architectural, not functional:
When inetd starts a server (external in this case) it passes the accepted incoming socket connection (the client that connected) to the server process in file descriptors 0, 1 and 2. This leaves the server process with no chance to bind nowhere as the socket was already created AND bound by (x)inetd. This *should* be the reason for the "NOTE" in NRPE's conf file.
Therefore, if you could get xinetd for you OS version give it a try with NRPE using the correct IP (bind directive) and port number (port directive) in xinetd.conf and you should be done.
Regards,
Kobylka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-23-2009 05:22 AM
тАО09-23-2009 05:22 AM
Re: Restricting inetd started service to a specific bind address
thank you for your hints and explanations.
However, I think that I can live with (in this case) an nrpe service which binds to every IP address because I found another way by more clever Nagios configuration and use of plug-ins to direct checks to either the cluster nodes or the cluster virtual hosts as required.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 01:45 AM
тАО09-25-2009 01:45 AM
Re: Restricting inetd started service to a specific bind address
neither do I receive media order forms for a set of OE 11.11 CDs/DVDs from HP's media shipping contractor in Galway, Ireland,
nor am I getting a form that would have check boxes for such a set on HP's website after I have logged in.
All I am provided with are ordering forms for either 11.11 Application Software sets (which according to CD_TABLE_OF_CONTENTS don't include any piece of the InternetExpress Software,
or alternatively order forms for Base OE 11i Version 3 DVD Sets.
This really sucks because we only have 11.11 hosts running for some of which we do have valid SW support contracts, but not a single 11i V2-V3.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2009 03:05 AM
тАО09-25-2009 03:05 AM
Re: Restricting inetd started service to a specific bind address
You probably need to contact the Response Center to help you interpret that web page as to where you can get InternetExpress.