HPE Community
Operating System - HP-UX
1834394 Members
1569 Online
110066 Solutions
New Discussion

Re: Inetd.sec and tcp wrappers problem -stumped

 
SOLVED
Go to solution
wvsa
Regular Advisor

‎08-29-2007 12:27 PM

‎08-29-2007 12:27 PM

Inetd.sec and tcp wrappers problem -stumped

Greetings all;

Have the following entry in my syslog file:
inetd[22726]: exec/tcp: Connection from sprod (89.44.44.141)

Trying to prevent this box from accessing our hpux 11.11 server. I have created a /var/adm/inetd.sec file that looks like the following:

# more inetd.sec
shell deny 89.44.44.141
telnet deny 89.44.44.141
login deny 89.44.44.141
shell deny sprod
telnet deny sprod
login deny sprod
shell deny sprod.wvus.org
telnet deny sprod.wvus.org
login deny sprod.wvus.org

I also installed tcpwrappers and created the following files hosts.allow
ALL:.wvus.org EXCEPT 89.44.44.141

And a hosts.deny file that looks this:
ALL: ALL

Have the following line in /etc/inetd.conf
telnet stream tcp nowait root /usr/lbin/tcpd /usr/lbin/telnetd telnetd -b /etc/issue

After doing all this and running inetd -c several times the box called sprod with the ipaddress of 89.44.44.141 is still connecting to the server.

What have I missed?

A hearty thanks in advance to any all responses. Won't forget to assign points.

Norm

0 Kudos
Reply
3 REPLIES 3
Joelmel Roche
Valued Contributor

‎08-29-2007 02:36 PM

‎08-29-2007 02:36 PM

Re: Inetd.sec and tcp wrappers problem -stumped

Hi,
TRy check this patch for
HP-UX 11iv1(11.11)PHNE_35017 - inetd(1M) cumulative GR patch

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎08-29-2007 03:47 PM

‎08-29-2007 03:47 PM

Solution

Re: Inetd.sec and tcp wrappers problem -stumped

Shalom,

If you want to totally block access, you may wish to use the ipfilter firewall. One line and access is blocked completely.

Any change in inetd.sec will not effect open connections. These need to be stopped.

You can use nmap from a Linux box to test connectivity from the sprod.wvus.org box.

In inetd.sec, you might try a broader block command for all services.

hosts.deny, ALL:ALL, again this will not effect previously open connections. But I don't see anything that deals with the hostname or ipaddress of the server you want to block.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
wvsa
Regular Advisor

‎08-30-2007 04:07 AM

‎08-30-2007 04:07 AM

Re: Inetd.sec and tcp wrappers problem -stumped

Steven;

Thanks for the info, yes believe you are correct since the connection is open tcpwrappers or inetd.sec isn't going to help me. Your ipfilter suggestion is a good option however since it uses DLKM modules will need to reboot. So will have to wait until I can get some down time.

In response to your last statement here is my hosts.allow file:
ALL: ALL EXCEPT 89.44.44.141

Here is my hosts.deny file
ALL: ALL

Would you care to share your one line command for ipfilter on hpux 11.11

Grace

Norm


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.