Operating System - HP-UX

how do I disable the services that are listening in certain tcp ports

SOLVED
sheevm
Regular Advisor

Hi,

Our security team is asking us to fix some security holes in HP servers: rp8420, HP-UX 11i v2.

Following are the services that need to be removed. Can someone tell me what command to use to disable these services?

Webservices without encryption listening on
tcp/381 and tcp/383

SMTP services on tcp/25 and tcp/587

portmapper tcp/111

We do not require these services.

When I did the "netstat -rn" I see these services are listening on these ports.

Thanks for your help,
kesh


be good and do good
Wouter Jagers
Honored Contributor

Re: how do I disable the services that are listening in certain tcp ports

inetd based services can be disabled by commenting out the relevant entries in /etc/services & /etc/inetd.conf

Depending on the web services you use, you might need to reconfigure their configuration files.

Not much time to check everything myself right now, but the above should get you on your way :)

Cheers
an engineer's aim in a discussion is not to persuade, but to clarify.
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: how do I disable the services that are listening in certain tcp ports

Without answering specifically (because there will probably be more services they want disabled), the general approach to your problems comes in two parts: 1) Those under the control of inetd 2) Those that are not. For those under the control of inetd, look in /etc/inetd.conf for any entries that apply to the service that you wish to disable. If you need to match a port number then look in /etc/services for the name to port number mapping and then find the corresponding port name in inetd.conf. You can disable the service by placing a '#' character at the beginning of the line. After editing inetd.conf, apply your changes by issuing an "inetd -c" command to send a SIGHUP to the inetd daemon.

Now for the second class of services, things are a bit more tricky although the vast majority of them are started by rc scripts. Look in /sbin/init.d for the desired service. You may simply want to "grep -i 'smtp' *" to help you find the applicable script. Now there is almost always a configuration file located in /etc/rc.config.d of the same name as the script in /sbin/init.d. Before you edit the configuration file, you should first stop the service. For example, let's suppose that you want to disable webadmin. First "/sbin/init.d/webadmin stop"; next edit /etc/rc.config.d/webadmin and set WEBADMIN=0. This will prevent the service from starting on the next boot. A few services might be started by init, so you should also examine /etc/inittab --- but this is a seldom used mechanism these days.
If it ain't broke, I can fix that.
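A worked example, added here and not part of any reply in the thread: a small POSIX shell script that follows the two-part procedure above (port number to /etc/services name to inetd.conf entry, and rc.config.d start flag) against constructed copies of /etc/services, /etc/inetd.conf and /etc/rc.config.d/webadmin written to a temporary directory, so nothing on the host is touched. The telnet and ftp entries, the WEBADMIN=1 line and the ports in the sample files are constructed for the demonstration; the commands that would take effect on a real HP-UX box (inetd -c, /sbin/init.d/webadmin stop) appear only as comments.

```shell
#!/bin/sh
# Added example (not from the thread). Each function takes the file it reads
# as a parameter and writes a modified copy, so it can be exercised on the
# constructed samples below and pointed at the live files only when you are
# ready. mktemp -d is assumed to exist (it does on the machine running this).

# Print the service name that a services file maps to a given tcp port.
port_to_name() {   # $1 = services file, $2 = port number
    awk -v p="$2" '$1 !~ /^#/ && $2 == (p "/tcp") { print $1; exit }' "$1"
}

# Comment out every active inetd.conf line whose service name is $2.
# The result goes to $3; exit status is 0 only if at least one line changed.
disable_inetd_service() {   # $1 = inetd.conf, $2 = service name, $3 = output
    awk -v s="$2" '
        $1 == s { print "#" $0; n++; next }
        { print }
        END { if (n > 0) exit 0; exit 1 }' "$1" > "$3"
}

# Set an rc.config.d start flag (e.g. WEBADMIN) to 0 in a copy written to $3.
# Handles both "NAME=1" and "export NAME=1" forms; commented lines are left.
disable_rc_flag() {   # $1 = rc.config.d file, $2 = variable name, $3 = output
    awk -v name="$2" '
        $0 ~ ("^[ \t]*(export[ \t]+)?" name "=") { sub(/=.*/, "=0") }
        { print }' "$1" > "$3"
}

# --- constructed sample files (stand-ins for the real /etc files) ---------
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
SERVICES_FILE="$WORK/services"; INETD_FILE="$WORK/inetd.conf"; RC_FILE="$WORK/webadmin"

cat > "$SERVICES_FILE" <<'EOF'
# constructed sample of /etc/services
ftp         21/tcp
telnet      23/tcp
smtp        25/tcp     # Simple Mail Transfer
sunrpc      111/tcp    portmap
submission  587/tcp
EOF

cat > "$INETD_FILE" <<'EOF'
# constructed sample of /etc/inetd.conf
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
EOF

cat > "$RC_FILE" <<'EOF'
# constructed sample of /etc/rc.config.d/webadmin
# WEBADMIN: set to 1 to start the web administration server at boot
WEBADMIN=1
EOF

# --- walk the procedure for one inetd service and one rc service ----------
name=$(port_to_name "$SERVICES_FILE" 23)                      # -> telnet
disable_inetd_service "$INETD_FILE" "$name" "$WORK/inetd.conf.new"
disable_rc_flag "$RC_FILE" WEBADMIN "$WORK/webadmin.new"

# On a real host, after reviewing the generated copies:
#   cp /etc/inetd.conf /etc/inetd.conf.orig && cp inetd.conf.new /etc/inetd.conf
#   inetd -c                        # SIGHUP inetd so it re-reads inetd.conf
#   /sbin/init.d/webadmin stop      # stop the running rc service now
#   cp webadmin.new /etc/rc.config.d/webadmin   # keep it off across reboots
```

The functions never touch their input file, so the usual workflow is to diff the generated copy against the original, move it into place, and only then reload inetd or stop the rc service. To confirm the result, `netstat -an | grep LISTEN` lists the sockets actually listening (netstat -rn shows the routing table, not listeners), and a port that is still open after inetd.conf and rc.config.d have been handled points to a daemon started by some other mechanism, such as /etc/inittab.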
sheevm
Regular Advisor

Re: how do I disable the services that are listening in certain tcp ports

Hi Clay,

Thanks for your detailed response. It is a lot of help.

kesh
be good and do good
rick jones
Honored Contributor

Re: how do I disable the services that are listening in certain tcp ports

And when all else fails (inetd.conf and stuff in /etc/rc.config.d), there's always ipfilter - the service may still be running, but you can set up ipfilter to keep anyone from getting to it.
there is no rest for the wicked yet the virtuous have no pillows
Joel Pavon
Advisor

Re: how do I disable the services that are listening in certain tcp ports

Hi, I have some questions about information above.

I disabled the portmapper by adding a # character at the beginning of the file /etc/services, but the vulnerability test reports port 111 as open.

Do you have any idea how to disable that port and how this affects the connectivity?
rick jones
Honored Contributor

Re: how do I disable the services that are listening in certain tcp ports

All /etc/services is is a convenience for humans, providing a mapping between a port number and an ostensibly friendly service name. Most well-written services will try to find their service name via lookup routines which will check /etc/services as well as other sources. If they don't find their service name, the better written ones will default to some port number.

The upshot is that you cannot use /etc/services to enable/disable services - that has to be done via other mechanisms. On HP-UX, that is often by editing files in /etc/rc.config.d/ but may be elsewhere depending on the service.
there is no rest for the wicked yet the virtuous have no pillows