Operating System - HP-UX

Re: disable security need ftp, telnet, ping

 
bigdaddy68
Advisor

disable security need ftp, telnet, ping

Help,

I loaded 11.31 (Mar2011) with all that security sw (Bastille, Secure Containment) options and now I can't telnet or ftp in over the network. Developers will scream at me before too long - help - how do I disable?

netstat -an says ftp port is open, uid is not listed in /etc/ftpd/ftpusers and ftpd is enabled in /etc/inetd.conf (telnet same same)

Local ftp, telnet, ping do work on system using hostname or localhost - I got in via ssh which worked from install

I am heading out to buy donuts for the developers so as to distract them in the interim

embarrassed
bigdaddy68
BigDaddy68
Steven Schweda
Honored Contributor

Re: disable security need ftp, telnet, ping

"I can't" is not a useful problem
description. It does not say what you did.
It does not say what happened when you did
it.

> netstat -an says ftp port is open [...]

As usual, showing actual commands with their
actual output can be more helpful than vague
descriptions or interpretations.

Depending on the actual symptom, likely
causes may include firewalls (internal or
external).

> [...] with all that security sw [...]

Not a very detailed description of the
configuration of any of all that.
bigdaddy68
Advisor

Re: disable security need ftp, telnet, ping


from a Windows client

ftp: connect: Unknown error number

netstat -a | grep LIST | grep {tel, ftp}

tcp 0 0 *.ftp *.* LISTEN
tcp 0 0 *.telnet *.* LISTEN

they are uncommented in /etc/inetd.conf

telnet stream tcp6 nowait root /usr/lbin/telnetd telnetd -b /etc/issue

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l

I have run inetd -c

The user I ftp in is NOT listed in /etc/ftpd/ftpusers and I am using local files based naming.


BigDaddy68
sangilak
Trusted Contributor

Re: disable security need ftp, telnet, ping

Hi,


My guess is that you selected Sec20MngDMZ or a higher security level during installation time. This will enable ipfilter and will automatically block any insecure (clear-text) protocols, such as telnet, ftp,...

Check the Security Considerations starting on page 48 from the below document for more details:
http://www.filibeto.org/unix/hp-ux/lib/rel/11.31/installation-5991-6460.pdf

Try to disable ipfilter and check if that works for your developers:
# /opt/ipf/bin/ipfilter -d

Keep in mind that afterwards you will need to configure ipfilter again to suit your required needs...


Hope that helps,

sangilak
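
To check the ipfilter diagnosis in the reply above against the rules themselves, rather than by turning the filter off, the following added example (not part of the thread) works out what an IPFilter inbound ruleset does with a new TCP connection to a given port. The ruleset in `sample_rules` is constructed and is not the one HP-UX installs; on a live system the input would be the rule listing printed by `ipfstat -i`. The function names and the simplifications listed in the comments are assumptions of this example.

```shell
# Added example. IPFilter reads rules top to bottom: the last matching rule
# wins, except that a matching rule marked "quick" ends evaluation at once.
# Assumptions: default is pass when nothing matches; rule groups, interfaces
# and TCP flags are ignored; rules tied to a specific address, or using a
# port operator other than "=", are skipped.

ipf_verdict() {        # usage: ipf_verdict PORT < rules
    awk -v want="$1" '
    BEGIN { svc["ftp"] = 21; svc["ssh"] = 22; svc["telnet"] = 23
            verdict = "pass"; why = "(no rule matched)" }
    $1 != "block" && $1 != "pass" { next }    # blanks, comments, other rule types
    {
        inbound = 0; quick = 0; anyaddr = 0; odd = 0; proto = ""; port = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "in")    inbound = 1
            if ($i == "quick") quick = 1
            if ($i == "all")   anyaddr = 1
            if ($i == "proto") proto = $(i + 1)
            if ($i == "from" && $(i + 1) == "any" && $(i + 2) == "to" && $(i + 3) == "any")
                anyaddr = 1
            if ($i == "port") {
                if ($(i + 1) == "=") port = $(i + 2)
                else odd = 1
            }
        }
        if (!inbound || !anyaddr || odd) next
        if (proto != "" && proto != "tcp" && proto != "tcp/udp") next
        if (port in svc) port = svc[port]       # service name to number
        if (port != "" && port != want) next
        verdict = $1; why = $0                  # remember the latest match
        if (quick) exit                         # quick: stop here, END still runs
    }
    END { print verdict ": " why }'
}

sample_rules() {       # constructed ruleset, NOT the one HP-UX installs
    cat <<'EOF'
# constructed sample
block in all
pass in proto tcp from any to any port = 22 flags S keep state
block in log quick proto tcp from any to any port = 23
pass in proto tcp from any to any port = telnet
EOF
}

for p in 21 22 23; do
    printf 'tcp/%s -> %s\n' "$p" "$(sample_rules | ipf_verdict "$p")"
done
```

In the constructed ruleset the final `pass` for telnet never takes effect because the earlier `quick` block ends evaluation first, which is why a daemon can show as LISTEN in netstat while remote connections still fail.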