Operating System - HP-UX

/etc/services - what are some of them really needed for?

 
Peter Gillis
Super Advisor

/etc/services - what are some of them really needed for?

Hopefully this question is a simple one ...
Is there anywhere where I can find out what all the services are in the /etc/services file?
We are running hpux 11.00 on RP2450 and 70 machines. Obviously when machines are set up the first time the services are enabled by default. We have just been through a security audit and I really need to know what some of these obscure looking services are really needed for, e.g. portmap, supdup, domain, clvm-cfg, bgp...
Also, in our audit report there were some services enabled, but they are not listed in the /etc/services file, e.g. 49155 - nlockmgr, 4045 - llockmgr. Would anyone be able to name some alternate places where I can perhaps find where these services are being enabled from?
Thanks for your help... points are worth it as always... Maria
Michael Tully
Honored Contributor
Solution

Re: /etc/services - what are some of them really needed for?

 
Anyone for a Mutiny ?
Rajeev  Shukla
Honored Contributor

Re: /etc/services - what are some of them really needed for?

Hi Maria,

/etc/services lists all the services enabled with the port number and the protocol used, and when a system is built it is advisable not to remove any services from the /etc/services file, otherwise the system might become unstable.
Also, if in your audit you have some services but not listed, the other file is /etc/inetd.conf; services in this file are started with the inetd daemon but don't have a port number. So if you are saying 49155 is the port number for nlockmgr then this service should be listed in /etc/services.

Have a look on other systems; maybe this service is used on only 1-2 systems and not all.

Rajeev
Michael Steele_2
Honored Contributor

Re: /etc/services - what are some of them really needed for?

The port numbers in /etc/services are equivalent to file names. They are integer file names because once they listed I/O serial ports. This was when networks were superseded by data communication, i.e., terminals.

A port number and an IP address merge to become a socket. Sockets exist at level 4 of the OSI network model.

'/etc/services' works in tandem with /etc/inetd.conf. Each line item listed in /etc/inetd.conf will bind to a specific port number in /etc/services. For example, chargen uses port 19.

Use 'netstat -an', 'telnet IP port#' and 'lsof' to see what process is currently attached.

Firewalls use a process called 'IP filtering' to block unused ports in /etc/services. The HP-UX firewall is called 'inetd.sec'. There is also a GNU variant called 'tcpwrappers' and many, many commercial applications.

Inetd is the network super daemon. It acts as a traffic controller, starting different network processes only when needed, like telnetd or ftpd, for example. Test this. Run 'ps -ef | grep -i ftp' before and after an ftp session and note the processes listed.

The first 1000 ports in /etc/services are owned by root and are standards within the computer kingdoms. The maximum port number is ~65500, (* you know, that number *).

Here is a link for 'lsof', again, use it as well as 'telnet IP port#' and 'netstat -an' to see what's using the port you're questioning, for many can be turned off:

http://hpux.cict.fr/hppd/hpux/Sysadmin/lsof-4.64/
Support Fatherhood - Stop Family Law
Steven E. Protter
Exalted Contributor

Re: /etc/services - what are some of them really needed for?

As far as /etc/services go, I'd think of it as a reservation for a seat.

Some services do not need an entry there to function correctly. Oracle database goes ahead and uses a port and the install doesn't bother to reserve the ports it needs. Functions just fine.

I have a print spooler that functions very badly if you comment out its reservation in /etc/services. That was designed into the application I guess.

A few examples from your question.

domain
port 53

That's where the BIND/DNS (domain name service) handles such things as what machine has what IP address. If you are running a web server for the public Internet, the Internet expects to get this information on port 53. You can reserve it and use it for something else, but it's not a good idea.

Ports 1-1024 are reserved for the operating system and it takes special root permissions to "activate" them for an application.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sridhar Bhaskarla
Honored Contributor

Re: /etc/services - what are some of them really needed for?

Hi Maria,

The /etc/services file is a lookup file to resolve service names to the corresponding port numbers. It is used by the server processes as well as the client processes to determine the port the server process should listen to or the client process should connect to.

For ex., ftp is a service listed to use the port 21/20. When inetd is restarted, it looks at /etc/services and starts the ftpd to listen at 21. When you run the ftp client from the server to connect to another system, ftp looks at /etc/services and tries to connect to the remote host at port 21. If you alter the ftp port to say 2100, then the ftpd process (via inetd) will listen at 2100. For the client part, if you start 'ftp' session on the server to a remote server, the ftp will try to connect to the remote server at port 2100 and will fail. If you comment out ftp from /etc/services, ftp will return the error "unknown service".

It is not necessary to list all the ports and services that your system is using in /etc/services. Also it is not necessary that all the ports in /etc/services would be started by inetd only. Applications may start their server processes in different ports not necessarily listed in /etc/services. So you may not always find everything in /etc/services.

You can use 'netstat -an | grep LISTEN' to determine all the listening ports. If those port numbers are not listed in /etc/services, then it is likely that your application may be using them.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Peter Gillis
Super Advisor

Re: /etc/services - what are some of them really needed for?

Thank you everyone for sharing your knowledge. I now have a much better idea on how to approach this area of unix security.
Maria.
Ivajlo Yanakiev
Respected Contributor

Re: /etc/services - what are some of them really needed for?

Hi,
/etc/services only binds a service port number to a name,

like ftp=21.
When you use netstat you see that
every port 21 will be shown as ftp!

If you delete the line in services for ftp,
netstat will show you 21.

You can NOT stop ftp (or other services) by editing /etc/services.

There are two types of network services.

1. Those which start from inetd:
see inetd.conf and inetd.sec
2. Daemons - services that start from init when the server starts (see /etc/rc.config.d/name)
or manually by the sys admin

If you want to increase system security, first
stop all unwanted services, second implement IP filtering.

Best for me :)

Use a DMZ and another firewall like Cisco and Check Point. HP-UX isn't ready for firewall.

P.S. Read some info about HP bastion host. It will help you.