HPE Community
Operating System - HP-UX
1833692 Members
5170 Online
110062 Solutions
New Discussion

Inetd Security

 
Matthew Whitaker
New Member

‎06-06-2005 02:31 AM

‎06-06-2005 02:31 AM

Inetd Security

Can anyone point me to some good resources that detail what services are included in inetd.conf by default and what they do? My company is working to increase our security, and would like to ensure that any uneeded or potentially insecure services included in inetd.conf are stopped from running.
0 Kudos
Reply
8 REPLIES 8
harry d brown jr
Honored Contributor

‎06-06-2005 02:36 AM

‎06-06-2005 02:36 AM

Re: Inetd Security

http://docs.hp.com/en/B2355-90685/ch02s04.html

basically search http://docs.hp.com

live free or die
harry d brown jr
Live Free or Die
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎06-06-2005 02:37 AM

‎06-06-2005 02:37 AM

Re: Inetd Security

http://www.blacksheepnetworks.com/security/resources/hp-ux11.html

live free or die
harry d brown jr
Live Free or Die
0 Kudos
Reply
Simon Hargrave
Honored Contributor

‎06-06-2005 02:38 AM

‎06-06-2005 02:38 AM

Re: Inetd Security

If you are looking into security, i recommend you download and run the Bastille software.

This software will check various aspects of server security (including inetd) and give recommendations and details information about the services/issues it finds.

If you run it on one of your test boxes you can get a list of recommendations with details descriptions, which you can cut/paste into a report for your bosses ;)

Find it on http://software.hp.com
0 Kudos
Reply
Doug Burton
Respected Contributor

‎06-06-2005 07:08 AM

‎06-06-2005 07:08 AM

Re: Inetd Security

Hope this helps: http://web.tampabay.rr.com/batcave/inetd_conf.htm
0 Kudos
Reply
roger_122
Occasional Advisor

‎06-09-2005 07:03 AM

‎06-09-2005 07:03 AM

Re: Inetd Security

Matthew

Take a look at:

http://www.cisecurity.org/

There is a benchmark tool for HPUX ..

Regards

Roger
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎06-09-2005 07:52 AM

‎06-09-2005 07:52 AM

Re: Inetd Security

There's actually not much in the stock inetd.conf that should be running. FTP and telnet are insecure and should be disabled. tftp should be off unless it's an Ignite server or boot server for some device that requires the service. bootps should be off unless it's an Ignite server or general purpose Bootp/DHCP server. finger, r-services, uucp, ntalk, ident... all bad or useless and should be disabled. The rlpdaemon service not needed unless it's a print server. Inetd internal services, useless and should be disabled. rpc services are disabled by default, I believe. Kerberized r-services not needed most places and should be disabled.
--
Jeff Traigle
0 Kudos
Reply
MZ_1
Advisor

‎06-09-2005 08:05 AM

‎06-09-2005 08:05 AM

Re: Inetd Security

Here is a checklist from cert. I agree with jeff. you'll probably be left with telnet and ftp when your done editing. then you can look at secure shell.

http://www.cert.org/tech_tips/usc20_full.html
0 Kudos
Reply
Alzhy
Honored Contributor

‎06-09-2005 08:13 AM

‎06-09-2005 08:13 AM

Re: Inetd Security

Matthew,

Best secure configuration for any UNIX system is to have NOTHING in /etc/inetd.conf. Your well-known INET services ftp, telnet, logind, etc.. should be replaced by Secure Shell.

All of our UNIX servers now have blank inetd.conf configs. We use Secure Shell to replace clear text protocols line telnet, ftp, rlogin, rexec.. etc.

Hakuna Matata.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.