GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Banners Elimination on services !
Operating System - HP-UX
1849297
Members
6532
Online
104042
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2003 10:01 AM
04-21-2003 10:01 AM
Hi !
After a security auditing to my servers (HPUX 11.00). I receive the suggestion to eliminate the banners that appear when you use FTP service to HPUX servers.
"
Conected to 200.10.34.22.
220 s_inb_01 FTP server (Version 1.1.214.8 Fri Apr 20 07:27:42 GMT 2001) ready.
User (200.10.34.22:(none)):"
And I have a sendmail server that need to eliminate these banners on POP3 and SMTP services.
Somebody have an idea to do that ?
Thank??s in advance !
After a security auditing to my servers (HPUX 11.00). I receive the suggestion to eliminate the banners that appear when you use FTP service to HPUX servers.
"
Conected to 200.10.34.22.
220 s_inb_01 FTP server (Version 1.1.214.8 Fri Apr 20 07:27:42 GMT 2001) ready.
User (200.10.34.22:(none)):"
And I have a sendmail server that need to eliminate these banners on POP3 and SMTP services.
Somebody have an idea to do that ?
Thank??s in advance !
"Enjoy the life .."
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2003 10:32 AM
04-21-2003 10:32 AM
Solution
/etc/ftpd is the location of the banner and configuration files. You can change the contents there.
The other daemon's mentione are controlled by their parameters in /etc/inetd.conf
You can change the "command line" options, save the file and then inetd -c to reload.
I'm attaching my standard security post recommending a few free products that will GREATLY enhance your security. The best and most comprehensive is called Bastille.
Security Software
So sendmail has to run and its possible to direct mail at this exploit with a telnet session.
So we installed the latest sendmail 8.11.1 patch and will be installed the new binaries after making sure the patch didn't do anything bad.
Here is how we keep up on these security issues.
Fist we subscribe to itrc security bulletins, which you apparently already do.
Next we use the following tools to harden security on our system and notify us of security patches.
Bastille Security hardening
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA
Perl which the above needs.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL
Security Patch Check
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
TCP Wrappers
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP
IDS/9000 (Intrusion Detection Sytstem)
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA
Get all these products working you'll be quite secure.
Secure shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA
Attaching a secure shell cookbook.
more than you wanted, but hopefully useful nonetheless.
SEP
The other daemon's mentione are controlled by their parameters in /etc/inetd.conf
You can change the "command line" options, save the file and then inetd -c to reload.
I'm attaching my standard security post recommending a few free products that will GREATLY enhance your security. The best and most comprehensive is called Bastille.
Security Software
So sendmail has to run and its possible to direct mail at this exploit with a telnet session.
So we installed the latest sendmail 8.11.1 patch and will be installed the new binaries after making sure the patch didn't do anything bad.
Here is how we keep up on these security issues.
Fist we subscribe to itrc security bulletins, which you apparently already do.
Next we use the following tools to harden security on our system and notify us of security patches.
Bastille Security hardening
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA
Perl which the above needs.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL
Security Patch Check
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
TCP Wrappers
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP
IDS/9000 (Intrusion Detection Sytstem)
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA
Get all these products working you'll be quite secure.
Secure shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA
Attaching a secure shell cookbook.
more than you wanted, but hopefully useful nonetheless.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2003 10:52 AM
04-21-2003 10:52 AM
Re: Banners Elimination on services !
First. you will want to create /etc/ftpd/ftpaccess, and put the following in it:
class ALL real *
banner /etc/ftp.banner
suppresshostname yes
suppressversion yes
The banner command tells ftpd to display the contents of the specified file upon connection.
The suppresshostname and suppressversion commands tell ftpd to be quite about who or what it is.
The class line is needed to allow users to log in whan ftpaccess is enabled. The syntax is class , where type can be anonymous, guest and real, and address is a valid network address or wildcard.
Next, change the ftp line in /etc/inetd.conf from:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
to
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
The -a option to ftpd tells it to read the /etc/ftpd/ftpaccess file and follow the directive there.
Finally, tell inetd to re-read its configuration (inetd -c). Test it out and make sure your users still have access; a typo or misplaced line can lock users out.
See the ftpd and ftpaccess man pages.
class ALL real *
banner /etc/ftp.banner
suppresshostname yes
suppressversion yes
The banner command tells ftpd to display the contents of the specified file upon connection.
The suppresshostname and suppressversion commands tell ftpd to be quite about who or what it is.
The class line is needed to allow users to log in whan ftpaccess is enabled. The syntax is class
Next, change the ftp line in /etc/inetd.conf from:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
to
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
The -a option to ftpd tells it to read the /etc/ftpd/ftpaccess file and follow the directive there.
Finally, tell inetd to re-read its configuration (inetd -c). Test it out and make sure your users still have access; a typo or misplaced line can lock users out.
See the ftpd and ftpaccess man pages.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2026 Hewlett Packard Enterprise Development LP