Operating System - HP-UX

Re: disable services under /etc/rc.config.d

 
Crystal_1
Frequent Advisor

disable services under /etc/rc.config.d

Hi guys,

I am reviewing the CIS HP-UX Benchmark and I can't figure out why I should turn off the following services:

netconf: RARP=0; RDPD=0
ptydaemon: PTYDAEMON_START=0
vt: VTDAEMON_START=0
netdaemons: DDFA=0

Can someone explain to me how this helps secure a host?

Thanks

Sridhar Bhaskarla
Honored Contributor

Re: disable services under /etc/rc.config.d

Hi,

The thumb rule for security is to turn off all the services that are not required to run. It does not necessarily mean that there were security issues found with them. But from a hacker's perspective, anything that is opened is worth a try.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Shannon Petry
Honored Contributor

Re: disable services under /etc/rc.config.d

RARP allows someone to spoof MAC addresses with a simple broadcast, which could redirect your servers.
If you are required to run arpd for some reason, then by all means feel free to keep it up.

I think the general recommendations will tell you to restrict ports with known vulnerabilities as well as rarely used networking which could be used for exploitation, i.e. NIS/rwhod.
Since daemons do not start for services, this also reduces system overhead and can lead to better performance.

Regards,
Shannon
Microsoft. When do you want a virus today?
Tom Danzig
Honored Contributor

Re: disable services under /etc/rc.config.d

If the service is there, any vulnerabilities, if they exist, can be exploited. If the services are not required, then shut them down for enhanced security (if it ain't runnin', you can't hack it).

You may want to check what other services are available in inetd.conf and disable any your server does not require.
Crystal_1
Frequent Advisor

Re: disable services under /etc/rc.config.d

Hi,

It's understood that I should disable all unnecessary services. I don't understand what those settings are used for? Such as, what is PTY daemon, vt daemon, ddfa etc. I couldn't get info from the file.

Crystal

Shannon Petry
Honored Contributor
Solution

Re: disable services under /etc/rc.config.d

DDFA is two parts.
1st is the DTC: Data communications and terminal controller.
2nd is the DDFA Data Device File access software.
Specifically, the DDFA consists of the ptydaemon, vtydaemon, ddp, and ocd which play a role in allowing remote terminal access through a listening daemon.

NOTE: Standard Access is done through programs launched by inetd such as remsh, rexec, rlp, etc.

Regards,
Shannon
Microsoft. When do you want a virus today?
Sridhar Bhaskarla
Honored Contributor

Re: disable services under /etc/rc.config.d

Hi,

RARP = For network boot clients
RDPD = Router discovery protocol that can automatically update the routing tables.
ptydaemon = For shell layers. If you use a dumb terminal, you can use shl to get more sessions (shells).
vtdaemon = For "vt" users. Another login methodology to access remote systems.
DDFA: Provides interfaces to access terminal server ports

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
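
An added example, not written by anyone in the thread: a POSIX shell audit that reports which of the settings from the question are not set to 0 in an rc.config.d-style directory. It assumes the files hold plain `VAR=value` assignments; the variable names are copied as written in the question, and the sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: report rc.config.d variables that are not 0.
# Variable names are exactly as written in the question; adjust CHECKS to
# match the names used in your own files.
CHECKS="netconf:RARP netconf:RDPD ptydaemon:PTYDAEMON_START vt:VTDAEMON_START netdaemons:DDFA"

# Print the effective value of variable $2 in file $1. The files are sourced by
# the rc scripts, so the last uncommented assignment wins.
rc_value() {
    [ -r "$1" ] || { echo "nofile"; return 0; }
    val=$(tr ';' '\n' < "$1" \
        | sed -n "s/^[[:space:]]*$2=//p" \
        | sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
              -e "s/^[\"']//" -e "s/[\"']\$//" \
        | tail -n 1)
    echo "${val:-unset}"
}

# Print one "file:VAR=value" line for every checked variable that is not 0.
audit_rc() {
    for pair in $CHECKS; do
        f=${pair%%:*}
        v=${pair#*:}
        cur=$(rc_value "$1/$f" "$v")
        [ "$cur" = "0" ] || echo "$f:$v=$cur"
    done
    return 0
}

# Constructed sample files (not real HP-UX content) so the script runs anywhere.
make_sample() {
    d="${TMPDIR:-/tmp}/rc_audit_demo.$$"
    mkdir -m 700 "$d" || return 1
    printf 'RARP=0\nRDPD=1   # router discovery left on\n' > "$d/netconf"
    printf 'PTYDAEMON_START=1\nPTYDAEMON_START=0\n' > "$d/ptydaemon"
    printf '# VTDAEMON_START=0\nVTDAEMON_START="1"\n' > "$d/vt"
    printf 'OTHER_SETTING=1\n' > "$d/netdaemons"
    echo "$d"
}

# Usage: audit.sh /etc/rc.config.d   (no argument: audit the constructed sample)
if [ -n "${1:-}" ]; then
    audit_rc "$1"
else
    demo=$(make_sample) && audit_rc "$demo"
    rm -rf "$demo"
fi
```

A value of `unset` or `nofile` means the variable or file was not found, so the daemon's state depends on its start script and should be checked by hand.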