
disabling ports

 
Lonny Balderston
Frequent Advisor


Greetings. How under HP-UX 11.11 does one disable ports, i.e. 37/tcp time, 135/tcp msrpc, 512/tcp exec, 515/tcp printer, 7000/tcp afs3-fileserver, etc? Also, how does one display which ports are enabled? Thank you.





4 REPLIES
Rajeev Shukla
Honored Contributor

Re: disabling ports

You can list the services that use these ports by looking at the /etc/services file, and if you think that you won't be using those services then you can disable those ports by commenting them out in /etc/services; any changes to the file are immediately reflected.
To see what ports are open in the system you can either look at the /etc/services file or do netstat -an|grep LISTEN; these are the ports that are open by the system for listening. netstat -an|grep ESTABLISHED will give the list of ports that the system is using and that are established (don't remove these ports, as they are being used and might affect the system).

Cheers
Rajeev
Patrick Wallek
Honored Contributor

Re: disabling ports

The /etc/services can be useful for tracking down what applications are associated with what ports. Commenting items out there will not accomplish a whole lot.

To disable active ports you need to do 1 of 2 things:

1) If the port is activated via inetd, then comment out the appropriate service line in /etc/inetd.conf. When that is done, have inetd re-read the file by doing an 'inetd -c'.

2) If the port is opened by some specific application, then you need to stop that application to close the port.

As mentioned, 'netstat -a' will show you which ports are listening for connections. Another useful tool is lsof. lsof can show the same type of information, plus a whole lot else. lsof can be very useful for what you want to do.
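
The two cases in the reply above, as an added example that is not part of the original thread: the function below takes the text of /etc/services, /etc/inetd.conf and `netstat -an` output and labels each listening TCP port as inetd-managed or standalone. The sample inputs are constructed and the function name `classify_ports` is hypothetical; UDP is ignored.

```shell
#!/bin/sh
# Added example. All sample data is constructed; classify_ports is a hypothetical name.
SERVICES='time     37/tcp   timserver
exec     512/tcp
printer  515/tcp  spooler'

INETD_CONF='# constructed excerpt in /etc/inetd.conf format
time    stream tcp nowait root internal
exec    stream tcp nowait root /usr/lbin/rexecd rexecd
#printer stream tcp nowait root /usr/sbin/rlpdaemon rlpdaemon -i'

NETSTAT='tcp   0   0  *.37          *.*             LISTEN
tcp   0   0  *.512         *.*             LISTEN
tcp   0   0  *.7000        *.*             LISTEN
tcp   0   0  10.0.0.5.23   10.0.0.9.51515  ESTABLISHED'

# classify_ports SERVICES_TEXT INETD_TEXT NETSTAT_TEXT
# Prints "port owner service" per listening TCP port, sorted by port:
#   owner=inetd      -> comment the service out of inetd.conf, then run 'inetd -c'
#   owner=standalone -> some other process holds the port; stop that application
classify_ports() {
  { printf '%s\n@@\n%s\n@@\n%s\n' "$1" "$2" "$3"; } |
  awk '
    $0 == "@@"             { section++; next }    # move to the next input
    NF == 0 || $1 ~ /^#/   { next }               # blank or commented-out line
    section == 0 {                                # services: name port/proto
      split($2, p, "/"); if (p[2] == "tcp") port[$1] = p[1]; next }
    section == 1 {                                # inetd.conf: active entries only
      if ($3 == "tcp" && ($1 in port)) managed[port[$1]] = $1; next }
    $1 ~ /^tcp/ && $NF == "LISTEN" {              # netstat -an: listening sockets
      lp = $4; sub(/.*\./, "", lp)                # local port follows the last dot
      if (lp in managed) print lp, "inetd", managed[lp]
      else               print lp, "standalone", "-" }
  ' | sort -n
}

classify_ports "$SERVICES" "$INETD_CONF" "$NETSTAT"
```

On a live system the three arguments would be the contents of the real files and the output of `netstat -an`. For a port reported as standalone, lsof (mentioned above) can identify the process holding it.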
David de Beer
Valued Contributor

Re: disabling ports


I don't think there is a way of 'disabling' ports on HPUX. You can edit the /var/adm/inetd.sec file - but this is only for hosts trying to get to your machine. It does not stop a local user from starting a daemon on a local port.

All ports are enabled by default - you can only check which ones are currently being used. As mentioned 'netstat -na | grep LISTEN' will give you ports on which daemons have been started, but a local user can start a daemon at any time. First come, first served.

Regards,
David.
Biswajit Tripathy
Honored Contributor
Solution

Re: disabling ports

Lonny,
As others have already pointed out, commenting
entries in /etc/services will NOT do what you
want. Others have also suggested how to achieve
what you want.

It appears to me that you want to block a lot of
ports that you don't use. If so, you should
seriously consider using IPFilter system firewall
to block all the ports and open only the ones you
want to use. It's very easy to configure (only
takes a minute) and you are sure that
everything is blocked except for the ones you
explicitly leave open. For 11.11, the free IPFilter
software is available at software.hp.com.

- Biswajit
:-)