TruCluster
cancel
Showing results for 
Search instead for 
Did you mean: 

Required services for Trucluster to work?

SOLVED
Go to solution
shauns
Occasional Visitor

Required services for Trucluster to work?

This is my first forum post :)

Our security team would like the following inetd.conf entries disabled in order to secure the Tru64 servers on the network.

shell stream tcp nowait root /usr/sbin/rshd rshd
login stream tcp nowait root /usr/sbin/rlogind rlogind
exec stream tcp nowait root /usr/sbin/rexecd rexecd

I got to thinking that one or more of these are needed for the Trucluster during patching or rolling upgrades. But are these services needed for day to day cluster operations?

Thanks!
Shaun
4 REPLIES
Ivan Ferreira
Honored Contributor
Solution

Re: Required services for Trucluster to work?

Welcome to the forum!

Those services are required to cluster operations, you should not disable those services.

If you want to increase security, you could put the cluster behind a firewall:


cluster ---- firewall ------ network

Allow the use of only requried ports/services through the firewall.

The use of tcpwrappers also is not recommeded for TruCluster (That information I got from HP support, they do not support tcpwrappers on truclusters).
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
shauns
Occasional Visitor

Re: Required services for Trucluster to work?

Thanks for the reply!
The firewall seems like the best/only route to go.

thanks!
Shaun
Ann Majeske
Honored Contributor

Re: Required services for Trucluster to work?

rshd, rlogind, and rexecd are required for clusters, but you can configure these to run over secure shell instead of just using the normal version. See Section B.4 of the Security Administration manual.

Ann
shauns
Occasional Visitor

Re: Required services for Trucluster to work?

That works for me. I will look at B.4.

Thanks
Shaun