GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: ntp/external
Operating System - HP-UX
1847471
Members
3042
Online
110265
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2003 12:31 AM
12-10-2003 12:31 AM
ntp/external
I recently punched a hole through the firewall so my HPUX time server could get to the outside world for a valid time source, all is well. Question, are there any process I should shut down on this HPUX box to prevent intrusion? I am a little worried about an outsider coming in on one of my services.
UNIX IS GOOD
5 REPLIES 5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2003 12:34 AM
12-10-2003 12:34 AM
Re: ntp/external
Generally the rule is if you don't need it then turn it off. Go to /etc/services and comment out ("#") any lines. Also check the /etc/inetd.conf file and remove any services that you do not need. If the only purpose of this HPUX server is to function as a time server than you can get rid of a whole lot.
-Hazem
-Hazem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2003 12:42 AM
12-10-2003 12:42 AM
Re: ntp/external
Hi,
it depends on how big the hole is, you punched into the firewall. ;-) You only need a hole the size of the port that is needed for ntp, or am I wrong?
be careful,
Michael
it depends on how big the hole is, you punched into the firewall. ;-) You only need a hole the size of the port that is needed for ntp, or am I wrong?
be careful,
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2003 12:44 AM
12-10-2003 12:44 AM
Re: ntp/external
The NTP port (123) is considered to be safe. If your firewall has just one port open, then the rest of the services can't be seen or reached from outside the firewall (assuming you have a good firewall and a good administrator). But good security demands that all ports be closed by default and then an explicit decision to run a service (open a port) made based on corporate guidelines. Most security problems come from inside the firewall.
Bill Hassell, sysadmin
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2003 12:45 AM
12-10-2003 12:45 AM
Re: ntp/external
You can close the services that you do not want. (Check /etc/services and /etc/inetd.conf)
A tool like nmap can give you idea on what ports are open on ur server.
A tool like nmap can give you idea on what ports are open on ur server.
There is no substitute to HARDWORK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2003 02:44 AM
12-10-2003 02:44 AM
Re: ntp/external
A agree with Bill Hassell. Port 123 is safe.
My employer disagrees with that, so they have the firewall act as a time server and ntp must be configured to take time off of that port.
If you are worried and don't trust your firewall, ipfilter can be installed on the hp box and configured to allow only one way traffic on port 123. Your machine will be able to go out and get the time but nothing will be able to come in on 123.
I can probably dig up a configuration for you if you are interested.
SEP
My employer disagrees with that, so they have the firewall act as a time server and ntp must be configured to take time off of that port.
If you are worried and don't trust your firewall, ipfilter can be installed on the hp box and configured to allow only one way traffic on port 123. Your machine will be able to go out and get the time but nothing will be able to come in on 123.
I can probably dig up a configuration for you if you are interested.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2026 Hewlett Packard Enterprise Development LP