
Disabling ftp and tftp access to a HP9000 Unix server

 
Khalil Ahmed
Frequent Advisor

Disabling ftp and tftp access to a HP9000 Unix server

Hi, I would like to control FTPing into any of the Unix servers. I thought that if one disabled the ftp and tftp services in the /etc/services file (by hashing them out) this would prevent anyone from FTPing into the server. However, I have just tested this out and found that I could still use FTP Client and ftp to the Unix server from my PC (???).

We use ftp minimally so would rather keep ftp disabled and only enable when required, (rather than disabling it permanently and using SFTP).

Could someone please tell me how I can go about stopping FTPing into the Unix boxes?

Thanks

Khalil


Tim Nelson
Honored Contributor

Re: Disabling ftp and tftp access to a HP9000 Unix server

The services file is only a port number to name lookup file.

You need to modify /etc/inetd.conf (then tell inetd to re-read its config with inetd -c).

A. Clay Stephenson
Acclaimed Contributor

Re: Disabling ftp and tftp access to a HP9000 Unix server

Edit /etc/inetd.conf and comment the ftp entries. Then issue "inetd -c" to force a reconfiguration on inetd. Editing the services file does nothing -- that is only a name to port number mapping file.

To reenable the service(s), again edit the inetd.conf file and execute inetd -c.
If it ain't broke, I can fix that.
Mel Burslan
Honored Contributor

Re: Disabling ftp and tftp access to a HP9000 Unix server

Comment out the entries in /etc/inetd.conf as well, as these are the directives telling your system what to do when an ftp request comes in.
________________________________
UNIX because I majored in cryptology...
Pedro Cirne
Esteemed Contributor

Re: Disabling ftp and tftp access to a HP9000 Unix server

Hi,

You must also disable it in /etc/inetd.conf.

Then restart the inetd daemon by sending:

#kill -HUP

Enjoy :)

Pedro
Raj D.
Honored Contributor

Re: Disabling ftp and tftp access to a HP9000 Unix server

Hi Khalil,

You can do the following:

1. # vi /etc/inetd.conf

2. Put a # at the beginning of the entry
"ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a -u000"

3. # /usr/sbin/inetd -c [ to re-read the entry in /etc/inetd.conf ]

This will disable ftp access, when required.

Cheers,

RajD.
----
" If u think u can , If u think u cannot , - You are always Right . "
Biswajit Tripathy
Honored Contributor

Re: Disabling ftp and tftp access to a HP9000 Unix server

Khalil,
/etc/services file, as someone else already
suggested, is only a name to port lookup
service. A service is NOT disabled if you
comment out a line in /etc/services.

While you could block ftp and tftp by modifying
inetd.conf file, as others have suggested, you
should consider using a desktop firewall (like
IPFilter), or better still, bastille (which,
among other things, also configures a desktop
firewall).

- Biswajit
:-)
John E.Ophious
Regular Advisor

Re: Disabling ftp and tftp access to a HP9000 Unix server

Khalil,

/etc/inetd.conf. Check it out ok?

Peace on earth,

John E. Ophious
Khalil Ahmed
Frequent Advisor

Re: Disabling ftp and tftp access to a HP9000 Unix server

Thanks everyone for your replies.

Just one more thing... what's tftp used for?

I thought it was required for ignite?... however when I hashed out the line below from the inetd.conf file and ran "inetd -c" I found I could still do an ignite backup directly on the machine???

#tftp dgram udp wait root /usr/lbin/tftpd\
# tftpd /opt/ignite /var/opt/ignite

Regards

Khalil
Florian Heigl (new acc)
Honored Contributor

Re: Disabling ftp and tftp access to a HP9000 Unix server

tftp(d) is used by ignite recoveries, not backups.

When you issue
boot lan

or anything like that, the installation kernel will be fetched via tftp from /opt/ignite/bin.

It means trivial file transfer protocol, and that's about it.
It's definitely not a very safe means of transferring data, but at least all its weaknesses are known after many years of using it, and also it's small enough to fit in the system firmware.

You can disable it if you don't have to netinstall your ignite clients (i.e. when using an ignite boot tape created by make_boot_tape) or if you have good documentation for recovery containing a 'reenable and testing of tftpd line'

:)
yesterday I stood at the edge. Today I'm one step ahead.
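
The procedure the replies describe (comment out the ftp and tftp entries in /etc/inetd.conf, then run `inetd -c`), as an added example that is not code from any poster in this thread. The function names `sample_conf`, `inetd_active` and `inetd_disable` are hypothetical, and the sample file is constructed from the two entries quoted above plus an assumed telnet line; the script works on a scratch copy and also comments out the backslash-continued second line of the tftp entry.

```shell
#!/bin/sh
# Added example. Operates on a copy of inetd.conf, never on /etc/inetd.conf.

sample_conf() {  # constructed sample; ftp/tftp entries as quoted in the thread
    cat <<'EOF'
# constructed sample inetd.conf
ftp    stream tcp nowait root /usr/lbin/ftpd ftpd -l -a -u000
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
tftp   dgram  udp wait   root /usr/lbin/tftpd\
 tftpd /opt/ignite /var/opt/ignite
EOF
}

# Print the service name of every active (uncommented) entry in FILE.
inetd_active() {
    awk '
        cont { cont = ($0 ~ /\\$/); next }          # rest of a continued entry
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comment or blank line
        { print $1; cont = ($0 ~ /\\$/) }
    ' "$1"
}

# Write FILE to stdout with the named services commented out, including the
# backslash-continued lines that belong to the same entry.
inetd_disable() {
    file=$1; shift
    awk -v svcs="$*" '
        BEGIN { n = split(svcs, s, " "); for (i = 1; i <= n; i++) off[s[i]] = 1 }
        cont { cont = ($0 ~ /\\$/); if (hit) $0 = "#" $0; print; next }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        { hit = ($1 in off); cont = ($0 ~ /\\$/); if (hit) $0 = "#" $0; print }
    ' "$file"
}

# Demo: disable ftp and tftp in a scratch copy and compare what stays active.
work=${TMPDIR:-/tmp}/inetd.conf.demo.$$
sample_conf > "$work"
inetd_disable "$work" ftp tftp > "$work.new"
echo "active before: $(inetd_active "$work" | tr '\n' ' ')"
echo "active after:  $(inetd_active "$work.new" | tr '\n' ' ')"
rm -f "$work" "$work.new"
```

Running `inetd_active` against the live file after `inetd -c` is a quick check that only the intended services remain enabled; commenting the same names out of /etc/services would not change its output.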