HPE Community
Operating System - HP-UX
1847211 Members
7092 Online
110263 Solutions
New Discussion

Do I need these services in inetd.conf

 
SOLVED
Go to solution
Dave Johnson_1
Super Advisor

‎07-13-2006 07:53 AM

‎07-13-2006 07:53 AM

Do I need these services in inetd.conf

We recently got dinged on our IS audit for having some services enabled in the inetd.conf file. I do not know what these are for. Please advise so I can determine if I need them or if they can be disabled.
echo, chargen, ntalk, printer, daytime, time, discard
Thank in advance,
-Dave
0 Kudos
6 REPLIES 6
Tom Danzig
Honored Contributor

‎07-13-2006 07:57 AM

‎07-13-2006 07:57 AM

Solution

Re: Do I need these services in inetd.conf

No. They are old and obsolete and no longer in use. They can be safely commented in you inetd.conf file.
0 Kudos
Kent Ostby
Honored Contributor

‎07-13-2006 07:58 AM

‎07-13-2006 07:58 AM

Re: Do I need these services in inetd.conf

All of those are commented out on my system's inetd.conf file.
"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎07-13-2006 08:03 AM

‎07-13-2006 08:03 AM

Re: Do I need these services in inetd.conf

All of them with the possible exception of printer can (and almost certainly should) be disabled. Is this host, hosting Remote Printers (in HP-UX speak) for other boxes? If so, then you need the rlpdaemon; otherwise, it too can be commented out.

Just place '#' in front of each of these line, save the file, and issue an 'inetd -c' command to send a SIGHUP (ie, a kill -1 inetd_pid) to the running inetd daemon; this will trigger a reconfiguration of the inetd daemon w/o losing current connections.
If it ain't broke, I can fix that.
0 Kudos
Geoff Wild
Honored Contributor

‎07-13-2006 08:25 AM

‎07-13-2006 08:25 AM

Re: Do I need these services in inetd.conf

Yes - you can disable those.

You can also disable ident as well.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Jeff_Traigle
Honored Contributor

‎07-13-2006 08:27 AM

‎07-13-2006 08:27 AM

Re: Do I need these services in inetd.conf

Like Clay said, the printer service is the only one you might need.

ntalk is an old protocol for host-to-host communication tool "talk". See the talk man page if your curious about it, but it's been considered a major security hole for many many years.

The others are internal inetd services and are listed in the inetd man page. Telnet to each of the ports, as defined in /etc/services, and you can actually see what they do, but the names are fairly self-describing.
--
Jeff Traigle
0 Kudos
Dave Johnson_1
Super Advisor

‎07-14-2006 01:24 AM

‎07-14-2006 01:24 AM

Re: Do I need these services in inetd.conf

Thank you all for your comments. I will be including this thread in the documentation for the auditors as reasons for turning these off.
-Dave
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.