Hewlett Packard Enterprise Community
Help
cancel
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can I know if one service is used??

SOLVED
Go to solution
Carme Torca
Super Advisor
‎09-02-2004 11:32 PM
‎09-02-2004 11:32 PM
Solved!

How can I know if one service is used??

Hi,

I will like to delete the services: echo, discard, chargen, tftp, ident of /etc/inetd.conf, but first I will like to know if some apllication of the server is using it. Is it possible??
If not, where can I obtain any information about this services, what do they, ...?

Thanks very much!
Carmen.

Users are not too bad ;-)
0 Kudos
Reply
6 REPLIES 6
Highlighted
T G Manikandan
Honored Contributor
‎09-02-2004 11:47 PM
‎09-02-2004 11:47 PM

Re: How can I know if one service is used??

check these docs

KBRC00001288
Document id: UIPKBRC00008029
0 Kudos
Reply
G. Vrijhoeven
Honored Contributor
‎09-02-2004 11:50 PM
‎09-02-2004 11:50 PM

Re: How can I know if one service is used??

Hi Carmen,

To see if they are used you could use the netstat command, but that does not provide historical information. If you want that you could add a script the puts an entry in a log file and starts the service.

( /etc/inetd.conf
e.g replace
shell stream tcp nowait root /usr/lbin/remshd remshd
shell stream tcp nowait root /root/script remshd
and /root/script does a echo "Start remshd, date" >/root/inetd.logfile && /usr/lbin/remshd

To see what they do check /etc/services for a short discription and a google could provide more info.

HTH,

Gideon
0 Kudos
Reply
Jeff_Traigle
Honored Contributor
‎09-03-2004 01:23 AM
‎09-03-2004 01:23 AM
Solution

Re: How can I know if one service is used??

Message contains a hyperlink
Found the RFC Sourcebook web site (http://www.networksorcery.com/enp/default0603.htm) via a Google search for chargen. It contains an alphabetical listing of protocols containing port, protocol suite, type, and brief description. echo, discard, and chargen are safe to turn off most likely... they just drop or return whatever information is sent to them. tftp you don't need unless you're using it to serve images to network bootable devices. (I always preferred using NFS for this purpose, but did have a couple of data concentrators that required use of tftp.) ident is a likely candidate for removal too... I've only seen IRC servers require it running on client systems.

Other candidates for removal that are turned on by default...

daytime
time
bootps (unless you're serving IP addresses to your network with it)
finger
ntalk
exec (used for rexec)
shell (used for remsh)
login (used for rlogin and rcp)
kshell (used for Kerberized remsh)
klogin (used for Kerberized rlogin)
telnet
ftp

telnet and ftp might be a little more difficult to get away with disabling since SSH clients on desktops still aren't common. (Another MS security lag... something Linux, *BSD, and MacOS X has had for a long time as standard.)

With an understanding of what applications you're running and basically how they operate, you should be able to make fairly educated guesses as to which services you can safely turn off. One of my personal favorites was always turn it off... if no one complains, it was safe to do so. :) (Ok, that won't work in all environments, but has benefits when you can get away with it.)
--
Jeff Traigle
Reply
Dave Olker
Neighborhood Moderator
‎09-03-2004 02:33 AM
‎09-03-2004 02:33 AM

Re: How can I know if one service is used??

Hi Carmen,

Others have already responded with information about what these services are. Probably the easiest way to see if any of them are being used would be to enable inetd logging and monitor the /var/adm/syslog/syslog.log file for a period of time.

To enable standard inetd logging you can issue the command:

# inetd -l

To enable enhanced inetd logging, use:

# inetd -b

Either of these commands may be issued while inetd is running.

Once you've collected logging information for the duration you're interested in (i.e. one week, one month, etc.) you can disable the logging mechanism using the same commands. In other words, if you enabled logging with "inetd -l" then disable it with the same command. Again, you don't need to stop/start inetd to get this logging to turn off, just issue the appropriate command.

Hopefully analyzing the logfile data for a period of time will let you know if any applications or users are using these services.

Regards,

Dave





I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Muthukumar_5
Honored Contributor
‎09-03-2004 03:10 AM
‎09-03-2004 03:10 AM

Re: How can I know if one service is used??

We can get the service (first report) from /etc/services file

To validate the usage of echo, discard then,

try as,

netstat -na | grep -w '7'

where 7 -- is the port being listen for echo service

We can also check with telnet as,

telnet localhost

Then,

You can comment out the service on /etc/inetd.conf and try to reconfigure inetd as,

inetd -c

It is good to comment the service support on /etc/services file too.

And more you can use lsof tool to idenity as IS there any application running / using the port of service at that time.

Regards
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Scott Lindstrom_2
Regular Advisor
‎09-07-2004 03:00 AM
‎09-07-2004 03:00 AM

Re: How can I know if one service is used??

T G -

I've been searching docs.hp.com for those entries with no luck.

Can you provide a URL?

Scott Lindstrom
0 Kudos
Reply