HPE Community
Operating System - HP-UX
1751887 Members
4771 Online
108783 Solutions
New Discussion юеВ

Re: need to disable telnet,SNMP etc srvices from server

 
Sreer
Valued Contributor

тАО01-17-2010 11:25 AM

тАО01-17-2010 11:25 AM

need to disable telnet,SNMP etc srvices from server

Hi Gurus,

I have to disable the services mentioned below:
disable following services:
-SNMP
-telnet
-rexec
-rlogin


Can you pls guide me?

Is it only commenting these serices from /etc/rc.config.d/netconf ?

or any other files also need to modify?

thanks for your quick reply.

regards

sree
0 Kudos
Reply
9 REPLIES 9
Sreer
Valued Contributor

тАО01-17-2010 11:39 AM

тАО01-17-2010 11:39 AM

Re: need to disable telnet,SNMP etc srvices from server

hi ,
Sorry a small mistake happened.

it is /etc/inetd.conf...

after puting a # infront of the concerned line we need to run inetd -c

is it enough for all services to disable?

rgds
sree

0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО01-17-2010 01:14 PM

тАО01-17-2010 01:14 PM

Re: need to disable telnet,SNMP etc srvices from server

> is it enough for all services to disable?

Should be, if there's an entry in
"/etc/inetd.conf" for each service which you
would like to disable.

It should be easy enough to test them. I'd
expect a "connection refused" error if the
service has been disabled.
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО01-17-2010 05:48 PM

тАО01-17-2010 05:48 PM

Re: need to disable telnet,SNMP etc srvices from server

>>Is it only commenting these services from /etc/rc.config.d/netconf ?<<<

netconf file refer to

netconf file allows you to identify the network interface name, IP address, and subnet mask of your LAN card, and add entries to the network routing table. As the netconf file has read-only permission, you must have superuser capability to make modifications to this file

nothing to do with "netconf" file, to disable the services like "SNMP,telnet,rexecrlogin" ..

services are listed under /etc/services

The file /etc/services associates official service names and aliases
with the port number and protocol the services use

inetd(1M) inetd(1M)

NOTE: Services currently supported by inetd will work in an IPv6
environment with a few changes to the configuration file
/etc/inetd.conf. (See inetd.conf(4)). When invoked, inetd reads
/etc/inetd.conf and configures itself to support whatever services are
included in that file (see inetd.conf(4)). The inetd daemon also
performs a security check if the file /var/adm/inetd.sec exists
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО01-17-2010 05:53 PM

тАО01-17-2010 05:53 PM

Re: need to disable telnet,SNMP etc srvices from server

if you like to disable services like telnet .etc you need to look for file /etc/services

comment the services by # of the /etc/services
followed by inetd -c to re-read the services files.

Example :-

step 1:-

vi /etc/services

# telnet 23/tcp # Virtual Terminal Protocol

step 2 :-

inetd -c
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО01-17-2010 10:49 PM

тАО01-17-2010 10:49 PM

Re: need to disable telnet,SNMP etc srvices from server

> comment the services by # of the /etc/services

PLEASE, do not do this. Give "/etc/services"
a well deserved rest, and just leave it in
peace.

Removing/commenting a service in
"/etc/services" may not disable the service,
and it could cause other problems.

man services

[...]
The file /etc/services associates official
service names and aliases with the port
number and protocol the services use.
[...]

man inetd.conf

[...]
On invocation, the inetd daemon reads its
configuration information from the
/etc/inetd.conf configuration file, [...]


One file is for mapping service names to
numbers. The other is a configuration file
for inetd. If you wish to control the
services offered by inetd, then its
configuration file is the one to edit.

LEAVE "/etc/services" AS IT IS (unless you
_really_ need to _add_ something to it, or,
much less likely, change something in it).
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО01-17-2010 10:53 PM

тАО01-17-2010 10:53 PM

Re: need to disable telnet,SNMP etc srvices from server

sorry my mistake... please # comment the services by # of the /etc/inetd.conf

sincere apologies :( :( . sorry
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
sujit kumar singh
Honored Contributor

тАО01-18-2010 12:06 AM

тАО01-18-2010 12:06 AM

Re: need to disable telnet,SNMP etc srvices from server

hi


for the snmp part to be desabled, please do the following things:

for the following files in /etc/rc.config.d/

SnmpHpunix
SnmpIpv6
SnmpMaster
SnmpMib2
SnmpNaa
SnmpTrpDst

edit all of them to put 0 in place of 1 so that these do not startup as the system starts.

/sbin/init.d/SnmpFddi4 stop
/sbin/init.d/SnmpHpunix stop
/sbin/init.d/SnmpIpv6 stop
/sbin/init.d/SnmpMaster stop
/sbin/init.d/SnmpMib2 stop
/sbin/init.d/SnmpNaa stop
/sbin/init.d/SnmpTrpDst stop
0 Kudos
Reply
AVV
Super Advisor

тАО01-18-2010 12:33 AM

тАО01-18-2010 12:33 AM

Re: need to disable telnet,SNMP etc srvices from server

Hi Sreekumar,

Please disable the same on /etc/inetd.conf. Ensure you had a backup before you do any editing - BEST PRACTICE :)
0 Kudos
Reply
Sreer
Valued Contributor

тАО01-18-2010 10:12 AM

тАО01-18-2010 10:12 AM

Re: need to disable telnet,SNMP etc srvices from server

Hi All,
Thanks a lot for your valuble inputs.!!

Hi Ajesh,

How are you?

Thanks for your support!

Rgds Sree
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.