
inetd.sec

 
Darrell Allen
Honored Contributor


Hi everyone,

I thought inetd.sec was only used to restrict access from remote systems to the local system's services. The man page doesn't indicate otherwise.

Has anyone actually used inetd.sec to disable connections being initiated from the local system?

I see how you could deny something like ftp from the local server to itself but that's still blocking it from the server side.

Thanks,
Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
harry d brown jr
Honored Contributor
Solution

Re: inetd.sec

inetd.sec is for incoming not outgoing requests!

To stop people from using something like ftp or telnet to another machine, simply change the permissions or "group it".

live free or die
harry
Live Free or Die
Uday_S_Ankolekar
Honored Contributor

Re: inetd.sec

Hi,

This file is to stop telnet, ftp, rlogin etc. from the other boxes. You can configure it to disable incoming requests.

-USA..
Good Luck..
Craig Rants
Honored Contributor

Re: inetd.sec

If you want to totally block telnet or ftp services, comment out the service in the inetd.conf.

Then run inetd -c

Good Luck,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Roger Baptiste
Honored Contributor

Re: inetd.sec

You are right. inetd.sec blocks incoming connections from external systems.

Oh yes, I just tried it ;-)
Just add the line
telnet deny
It works. But it holds no meaning. Since, why would I need to stop telnetting into a system from that system itself?

When you do telnet, ftp ..
it tries to open a port of that service at the remote server. At the remote server, the inetd daemon services the request. Before the request is serviced, it checks whether it is an authorised connection by looking at the inetd.sec file.
If from systemA you do telnet to systemA, the local system will also be the remote server!

HTH
raj

Take it easy.
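The server-side check described in the post above, as an added example that is not part of any post in this thread and is not HP's code. It is a simplified model of inetd.sec matching under stated assumptions: numeric IPv4 patterns only (no host or network names), the last entry for a service wins, and omitted trailing address fields match anything. The sample file and function names are constructed for illustration.

```python
# Simplified model of how inetd consults inetd.sec for an INCOMING connection.
# Constructed sample in inetd.sec style: <service> <allow|deny> [address patterns]
SAMPLE = """\
# constructed sample, not taken from the thread
telnet deny
ftp    allow 10.3-5 192.34.56.5
shell  deny  192.23.4.3
"""

def parse(text):
    """Return {service: (action, [patterns])}; assumption: last entry wins."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1] in ("allow", "deny"):
            rules[fields[0]] = (fields[1], fields[2:])
    return rules

def field_matches(pat, octet):
    """One dotted field: '*' is a wildcard, 'a-b' a range, 'n' an exact value."""
    if pat == "*":
        return True
    lo, _, hi = pat.partition("-")
    return int(lo) <= octet <= int(hi or lo)

def addr_matches(pattern, addr):
    """Assumption: a pattern with fewer than four fields matches as a prefix."""
    pats = pattern.split(".")
    octets = [int(o) for o in addr.split(".")]
    return len(pats) <= 4 and all(field_matches(p, o) for p, o in zip(pats, octets))

def incoming_allowed(rules, service, source_addr):
    """Decision inetd makes on the SERVER before starting the service."""
    if service not in rules:
        return True                      # unlisted service: no restriction
    action, pats = rules[service]
    # A bare "telnet deny" (as tried in the thread) applies to every source,
    # including the local host connecting to itself.
    hit = True if not pats else any(addr_matches(p, source_addr) for p in pats)
    return hit if action == "allow" else not hit

# There is deliberately no "outgoing_allowed": a local telnet or ftp client
# never passes through the local inetd, so this file is never consulted for it.

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for svc, src in [("telnet", "127.0.0.1"), ("ftp", "10.4.7.9"),
                     ("ftp", "10.6.0.1"), ("shell", "192.23.4.4")]:
        print(svc, src, "allowed" if incoming_allowed(rules, svc, src) else "denied")
```
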
James Beamish-White
Trusted Contributor

Re: inetd.sec

Definitely only incoming.... from the man page:

"When inetd accepts a connection from a remote system..."

Other unix flavours need to use tcpwrappers to do the same thing, but HP is sooo good to us we don't need it ;-)

For outgoing (as noted in another thread in the forum), it's removal of access privileges (chmod 500) that limit outgoing on a box, or firewalls if limiting at a network level.

Cheers,
James
GARDENOFEDEN> create light
Darrell Allen
Honored Contributor

Re: inetd.sec

Thanks everyone.

So far I've heard nothing different from what I thought: inetd.sec is only for incoming connections (server side, that is).

Raj, in reference to disabling connections initiated from the local system, would you expand on what you mean when you say it works but it holds no meaning? I poorly worded the question before. To be specific, can inetd.sec be used to deny a user on the same box from initiating a connection as a client to another host? I think you're saying no which is what I believe to be true as well.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Sanjay_6
Honored Contributor

Re: inetd.sec

Hi Darrell,

As others have already said, inetd.sec is to restrict/prevent access to your system, not from your system.

Hope this helps.

Regds
Darrell Allen
Honored Contributor

Re: inetd.sec

Thanks for confirming my understanding of this issue.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)