HPE Community
Operating System - HP-UX
1855135 Members
3481 Online
104109 Solutions
New Discussion

ident service and Service Guard

 
SOLVED
Go to solution
PamelaJThrasher
Regular Advisor

‎03-12-2007 07:36 AM

‎03-12-2007 07:36 AM

ident service and Service Guard

I am running Service Guard version A.11.13 on a pair of HP 11.11 servers. We are trying to harden our servers. Do I need to leave ident enabled in inetd.conf?

Pam
0 Kudos
Reply
4 REPLIES 4
Sundar_7
Honored Contributor

‎03-12-2007 07:47 AM

‎03-12-2007 07:47 AM

Re: ident service and Service Guard

A.11.13 ? that is too OLD. I am afraid it may not even be currently supported by HP.

I know from A.11.14 onwards identd is used by hacl services to verify the nodes trying to communicate.

Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎03-12-2007 08:27 AM

‎03-12-2007 08:27 AM

Solution

Re: ident service and Service Guard

You can disable identd on the SG versions that use it by adding the -i option to the following entries in /etc/inetd.conf:

hacl-probe stream tcp nowait root /opt/cmom/lbin/cmomd /opt/cmom/lbin/cmomd -i -f /var/opt/cmom/cmomd.log
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd cmclconfd -c -i

You'll see continuing messages in syslog regarding this "insecure" configuration, however.
--
Jeff Traigle
Reply
melvyn burnard
Honored Contributor

‎03-12-2007 08:56 AM

‎03-12-2007 08:56 AM

Re: ident service and Service Guard

SG A.11.13 is out of support for some time now, see:
http://docs.hp.com/en/5971/SG-SGeRAC-EMS-Support.pdf

Also, you MUST have at least PHSS_29120 to use identd functionality.
see also:
http://docs.hp.com/en/5874/securingserviceguard_nov2005.pdf
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Reply
PamelaJThrasher
Regular Advisor

‎03-12-2007 11:27 PM

‎03-12-2007 11:27 PM

Re: ident service and Service Guard

Thanks for all your help.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.