HPE Community
Operating System - HP-UX
1836581 Members
1671 Online
110102 Solutions
New Discussion

Re: inetd.conf

 
Mohammad Sanaullah
Frequent Advisor

‎01-10-2008 05:56 AM

‎01-10-2008 05:56 AM

inetd.conf

Dear Team
Can someone let me know the functionality of following terms present in internal services in inetd.conf file, as we have to disable them...

1. Chargen
2. Time
3. daytime
4. discard
5. echo

Another point is
What is ipforwarding and what it does..

Thanks in advance...Points later.
waiting for reply.
Alive
0 Kudos
6 REPLIES 6
James R. Ferguson
Acclaimed Contributor

‎01-10-2008 06:13 AM

‎01-10-2008 06:13 AM

Re: inetd.conf

Hi:

These can most certainly be disabled. For more information, see:

http://forums12.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1199974290395+28353475&threadId=188195

Regards!

...JRF...
0 Kudos
Zeev Schultz
Honored Contributor

‎01-10-2008 06:23 AM

‎01-10-2008 06:23 AM

Re: inetd.conf

man inetd:

"The inetd daemon provides several "trivial" services internally by use of routines within itself. The services are echo, discard, chargen
(character generator), daytime (human readable time), and time (machine readable time in the form of the number of seconds since midnight, January 1, 1900). The inetd daemon provides both TCP- and UDP-based servers for each of these services. See inetd.conf(4) for
instructions on configuring internal servers."

Most of those are outdated. Ie, echo was a predecessor of ping. daytime can be replaced by ntp if needed, chargen gives you just a string of charactes.Discard is just like /dev/null over tcp-ip.

I'd disable them and see if applications can survive. No idea if OS needs them.
So computers don't think yet. At least not chess computers. - Seymour Cray
0 Kudos
Tim Nelson
Honored Contributor

‎01-10-2008 07:21 AM

‎01-10-2008 07:21 AM

Re: inetd.conf

I have always disabled these. It deters any questions during audit review, i.e. what are these ? why are they enabled ?.

0 Kudos
Robert Fritz
Regular Advisor

‎01-11-2008 10:52 AM

‎01-11-2008 10:52 AM

Re: inetd.conf

Note that Bastille can automate this and other lock-down steps:
http://www.hp.com/go/bastille
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
0 Kudos
Bill Hassell
Honored Contributor

‎01-11-2008 06:02 PM

‎01-11-2008 06:02 PM

Re: inetd.conf

These 5 services are obsolete and should always be disabled. Any security scan of your network will point them out as needing to be disabled. Unfortunately, most flavors of Unix default to turning them on for no good reason except it's always been done that way. In today's environment, no network service should be enabled unless it is needed.


Bill Hassell, sysadmin
0 Kudos
Mohammad Sanaullah
Frequent Advisor

‎01-11-2008 08:41 PM

‎01-11-2008 08:41 PM

Re: inetd.conf

Thanks a lot for all active participation...other wise its not a good idea to enable these thing as Auditor can make a point on security compromise...better disable them...
Thanks
Mohammad Sanaullah
Alive
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.