HPE Community
Operating System - HP-UX
1819682 Members
4236 Online
109605 Solutions
New Discussion юеВ

inetd.conf service removal

 
Ian Little
Occasional Advisor

тАО01-29-2004 09:47 PM

тАО01-29-2004 09:47 PM

inetd.conf service removal


Hi,

I have been commenting out services that are not required and I am left with the following entries:-

rpc stream tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver

dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd

rpc dgram udp wait root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd

recserv stream tcp nowait root /usr/lbin/recserv recserv -display :0

spc stream tcp nowait root /usr/bms/bin/softspcd /usr/bms/bin/softspcd

We do not use CDE but we do have the Omniback GUI, Glance and NFS. Am I safe to switch them off?

Thanks,

Simon.
0 Kudos
Reply
9 REPLIES 9
Alex Glennie
Honored Contributor

тАО01-29-2004 10:09 PM

тАО01-29-2004 10:09 PM

Re: inetd.conf service removal

Well 4 of those are CDE related services ... I *think* you'll be OK fyi ....

dtspcd The user will not be able to execute CDE remote actions from this machine to a machine with this service.

rpc.cmsd The user will not be able to view or modify the CDE calendar files on this machine.

rpc.ttdbserver The network aware locking feature of dtmail will not work. This is an optional mechanism for ensuring that the user's dtmail folder is locked when necessary

softspcd I beleive is related to Softbench and or VUE ... is this product installed ? Is this a 10.20 box ?

Recserv is connected with HP's sharedX product - the SharedX Receiver Service

0 Kudos
Reply
Ian Little
Occasional Advisor

тАО01-29-2004 10:18 PM

тАО01-29-2004 10:18 PM

Re: inetd.conf service removal

Hi,

Yes it is a 10.20 box. Softbench is installed but we do not use it. So it looks like we are OK to switch off these services.

Thanks,

Simon.
0 Kudos
Reply
Jeroen Peereboom
Honored Contributor

тАО01-30-2004 12:46 AM

тАО01-30-2004 12:46 AM

Re: inetd.conf service removal

Simon,

as far as I understand there MAY be other applications using ttdbserver. But 'they' could never explain top me what it is and how I can tell if an application is using it.

JP.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО01-30-2004 12:52 AM

тАО01-30-2004 12:52 AM

Re: inetd.conf service removal

In the end,you will have to test this configuration. It appears more secure. If you don't want to use CDE you should be fine.

Alos, 10.20 is out of support. Think upgrade if this system does production work.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Ian Little
Occasional Advisor

тАО01-30-2004 01:42 AM

тАО01-30-2004 01:42 AM

Re: inetd.conf service removal

Hi,

I have commented out all of the services and everything seems to be OK. Omniback and Glance work as expected.

If anybody knows about rpc.ttdbserver being used by some other applications then please let me know.

We are in the process of replacing our 10.2 machines, just awaiting the customer go ahead! You can still get support on 10.2 if you pay.

Thanks,

Simon.
0 Kudos
Reply
Doug Burton
Respected Contributor

тАО01-31-2004 10:36 AM

тАО01-31-2004 10:36 AM

Re: inetd.conf service removal

I'm not sure how much help this is going to be but I've been trying to get (basically) the same info for a long time. Very hard to get. What I have is here:

http://home.tampabay.rr.com/batcave/inetd_conf.htm
0 Kudos
Reply
Mic V.
Esteemed Contributor

тАО01-31-2004 12:02 PM

тАО01-31-2004 12:02 PM

Re: inetd.conf service removal

Ian,

Interesting, that you can get 10.20 support for $$$. I figured as much.

What I did (first with 10.20, later with 11.11) was comment them out. CDE *was* in use on this system, but not the calendar manager (uses rpc.cmsd). I think what I ended up with was allowing 127.0.0.1 for rpc.ttdbserver in /var/adm/inetd.sec but the others (listed above) were turned off. It worked just fine (it was my desktop D350, I definitely would have noticed problems :).

Mic
What kind of a name is 'Wolverine'?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО01-31-2004 12:07 PM

тАО01-31-2004 12:07 PM

Re: inetd.conf service removal

The rpc (remote process call i think) from Sun are not in heavy use today. They do present a security hazard because under some circumstances they allow users to run commands without authentication.

As far as NFS, CDE, Glance and NFS shutting this down will not present a problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО01-31-2004 02:05 PM

тАО01-31-2004 02:05 PM

Re: inetd.conf service removal

CDE uses Xwindows but it is *not* required to run Xwinodw applications. CDE is a desktop manager, that is, it takes over your entire display and gives you lots of toys to play with. If all you want is to run xterm or the Omniback (or Oracle) GUI, you don't need CDE at all. Turn off all the CDE services in inetd.conf (all daemons that are in /usr/dt.bin) plus CDE startup in /etc/rc.config.d/desktop. Change the line:

DESKTOP=CDE # run dtlogin

to

DESKTOP= # don't run dtlogin

And if dtlogin is running right now -- hit:

UNIX95= ps -C dtlogin

run this command:

/sbin/init.d/dtlogin.rc stop

Then to verify that Xwindow programs still work fine, start your Xterminal emulator and then run xclock (/usr/bin/X11/xclock). You can do the same with theOmniback GUI.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.