HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

services daytime, time and ident

 
SOLVED
Go to solution
Carme Torca
Super Advisor

services daytime, time and ident

Hi,

I would like to know if this services (daytime, time and ident) are necessary to work in an hpux with and without cluster, because we have security people that want to eliminated this services.

Thank-you very much!
Carmen.

Users are not too bad ;-)
4 REPLIES
Johnson Punniyalingam
Honored Contributor
Solution

Re: services daytime, time and ident

>>>I would like to know if this services (daytime, time and ident) are necessary to work <<

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1123907

>>in an hpux with and without cluster,<<

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1394174


Thanks,
Regards,
Johnson
Problems are common to all, but attitude makes the difference

Re: services daytime, time and ident

They are absolutely correct, you don't need these.
Horia Chirculescu
Honored Contributor

Re: services daytime, time and ident

Hello,

Please read this thread about identd:

http://bizsupport1.austin.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=3203314&prodTypeId=18964&objectID=c01680756

The rest of the services I believe can be safely stopped (even recommended becouse can be used for some kind of attack based on echo packets).

Horia.
Best regards from Romania,
Horia.
Matti_Kurkela
Honored Contributor

Re: services daytime, time and ident

"daytime" and "time" are not necessary. You can disable them.

"ident" is required/recommended for a Serviceguard cluster. This requirement depends on Serviceguard version; newer versions allow disabling it, but it's recommended to keep it running, as it improves Serviceguard security.

However, it needs to be available for cluster members only. You could use an inetd.sec file to implement this restriction.

See "man 4 inetd.sec".

Also, see the release notes of your Serviceguard version and/or Chapter 5 of the "Managing Serviceguard" manual, section "Managing the running cluster", heading "Disabling identd".

This whitepaper offers advice for securing Serviceguard and some more information about its use of the ident service:
http://docs.hp.com/en/5874/securingserviceguard0903.pdf

MK
MK