HPE Community
Operating System - HP-UX
1821546 Members
2114 Online
109633 Solutions
New Discussion юеВ

Re: inetd.conf

 
Pieter_5
Advisor

тАО06-16-2004 07:21 PM

тАО06-16-2004 07:21 PM

inetd.conf

Hi,

I am trying to tighten the security of my HP-boxes. First I want to disable some services in inetd.conf. However some of the services i dont know. Like registrar, dtspc, instl_boots, kshell, klogin, ident, bootps. Can I disable them? What are used for?
0 Kudos
Reply
6 REPLIES 6
Joseph Loo
Honored Contributor

тАО06-16-2004 07:29 PM

тАО06-16-2004 07:29 PM

Re: inetd.conf

hi,

let me first recommend to you Bastille, which allows u to interactively "harden" your server which includes the services in inetd.conf

go to this link to download and also read the white paper first. the white paper addresses some of the questions u have about unwanted services:

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
Sanjay Kumar Suri
Honored Contributor

тАО06-16-2004 07:32 PM

тАО06-16-2004 07:32 PM

Re: inetd.conf

Check this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=593060

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
0 Kudos
Reply
Sanjay Kumar Suri
Honored Contributor

тАО06-16-2004 07:34 PM

тАО06-16-2004 07:34 PM

Re: inetd.conf

Or look at the attachment which has been extracted from the previous post.

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
0 Kudos
Reply
Bharat Katkar
Honored Contributor

тАО06-16-2004 08:01 PM

тАО06-16-2004 08:01 PM

Re: inetd.conf

hi,
Will try to explain some of them:

bootps : Bootstrap Protocol Server, used for remote booting the clients systems.

instl_boots : installation bootstrap protocol server

kshell : Kerberos remote shell

klogin : Kerberos encrypted remote login

So if you are not using those you can go ahead and disable them.

Edit /etc/inetd.conf and put hash in front of all these entries and then:
# /usr/sbin/inetd -c
to reread the changed conf file.

Hope that helps.
regards,




You need to know a lot to actually know how little you know
0 Kudos
Reply
Fabio Ettore
Honored Contributor

тАО06-16-2004 08:19 PM

тАО06-16-2004 08:19 PM

Re: inetd.conf

Hi,

http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/5187-2216/5187-2216_top.html&con=/hpux/onlinedocs/5187-2216/00/00/65-con.html&toc=/hpux/onlinedocs/5187-2216/00/00/65-toc.html&searchterms=security&queryid=20040617-020451

This just is a link to direct you to good actions in order to tighten the security of your HP-boxes.

Bastille (as Joseph said) is another very good suggestion.

I would suggest you to follow a document or a procedure to do your system more secure.

Anyway in order to check what those services regard then go on docs.hp.com.
Here an example for dtspc:

http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B1171-90500/B1171-90500_top.html&con=/hpux/onlinedocs/B1171-90500/00/00/28-con.html&toc=/hpux/onlinedocs/B1171-90500/00/00/28-toc.html&searchterms=dtspc&queryid=20040617-020927

dtspc is about remote display console (one for all CDE) on remote systems.

HTH.

Best regards,
Ettore
WISH? IMPROVEMENT!
0 Kudos
Reply
R. Sri Ram Kishore_1
Respected Contributor

тАО06-16-2004 09:33 PM

тАО06-16-2004 09:33 PM

Re: inetd.conf

Hi,

Here are the descriptions of some of the services:
a) registrar - Resource Monitoring Service. Part of the resource monitoring subsystem.

b) ident - Authentication Service
This service is used to identify which user owns which services. This service is unnecessary for general system use.
To disable this service, edit the /etc/inetd.conf file to comment out or disable this service, or use SAM to disable
this service.

The other services have already been explained by others.

HTH.
Regards,
Sri Ram
"What goes up must come down. Ask any system administrator."
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.