HPE Community
Operating System - HP-UX
1834447 Members
2407 Online
110067 Solutions
New Discussion

registrar/tcp access denied

 
SOLVED
Go to solution
Peter Gillis
Super Advisor

‎07-15-2003 05:21 PM

‎07-15-2003 05:21 PM

registrar/tcp access denied

HI,
ux11.00 op sys. Would someone please let me know what the registrar/tcp is in the following message being displayed in the syslog? What is it that systemA is trying to access and why? Or would someone be able to outline a line of attack for me to try and find the answers?

Jul 16 08:25:05 systemA inetd[1660]: registrar/tcp: Access denied for systemA (xxx.
.yyy.zzz.B) at Wed Jul 16 08:25:05 2003

Thankyou heaps.
Maria
0 Kudos
Reply
11 REPLIES 11
Tim Adamson_1
Honored Contributor

‎07-15-2003 05:33 PM

‎07-15-2003 05:33 PM

Solution

Re: registrar/tcp access denied

Hi Maria,

Check if there is an entry for the "registrar" service in /var/adm/inetd.sec and make
sure that the host in question is allowed to use the service.

This behaviour can be caused when the host on which EMS is installed does not have the permission to use the "registrar" process.

Hope it helps.


Cheers!
Yesterday is history, tomorrow is a mystery, today is a gift. That's why it's called the present.
Reply
Steven E. Protter
Exalted Contributor

‎07-15-2003 05:56 PM

‎07-15-2003 05:56 PM

Re: registrar/tcp access denied

Lots of interesing possibilities her Maria,

How to deny telnet access.
http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x85c8996c5988d5118ff10090279cd0f9,00.html&qt=registrar/tcp%3A+%2BAccess+%2Bdenied+%2Bfor&hit=1


I'd run inetd -l

This should turn on logging and get you some more information.

This sounds like a /var/adm/inetd.sec problem.

Perhaps post that file or look at it yourself.

A quick temporary diagnostic would be rename inetd.sec inetd -c if needed to re-run the daemon an then test access.

If access is no longer denied, you are certain that the problem is inetd.sec

SEP

Also, this thread is kinda interesting.
http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x062a06350fe2d61190050090279cd0f9,00.html&qt=registrar/tcp%3A&hit=10
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Con O'Kelly
Honored Contributor

‎07-15-2003 06:27 PM

‎07-15-2003 06:27 PM

Re: registrar/tcp access denied

Hi Maria

My guess is that you already have logging enabled for inetd (ie inetd -l).

As Tim has said the registrar is part of EMS.
The Guide Using EMS explains the registrar.
http://docs.hp.com/hpux/pdf/B7612-90015.pdf

My guess is that there's some permission issue with registrar. Have these messages recently started or have you recently turned on logging?

Additional log files for EMS can be found under /etc/opt/resmon/log. There's a spefic log for registrar. Have a look in there & see if there is any clues.

I've also attached a Whitepaper that gives a pretty reasonable overview of EMS.

Cheers
Con




Reply
Michael Tully
Honored Contributor

‎07-15-2003 07:08 PM

‎07-15-2003 07:08 PM

Re: registrar/tcp access denied

Hi Maria,

From your previous posts on this subject, I'm assuming you've disabled the registrar service from /etc/inetd.conf

Of course you need to run 'inetd -c' once any changes are made.

Cheers
Michael
Anyone for a Mutiny ?
0 Kudos
Reply
Peter Gillis
Super Advisor

‎07-15-2003 10:12 PM

‎07-15-2003 10:12 PM

Re: registrar/tcp access denied

Hi again..
Ok, well, so far...
I havent disabled registrar in /etc/services.
I had no entry for registrar in the /var/adm/inetd.sec file. I added:
registrar allow

Then ran inetd -c

Checked syslog and the messages state connection established. I then went into /var/adm/inetd.sec and added 127.0.0.1 to the end of 'registrar allow' line. Re-initialised it. thinking this would be better security and allow registrar to work only within this local unix network. But, now I am back to connection refused (s'pose that could be said to be better security - noone allowed in!). What is it that I am just not understanding?? Any ideas?

Thanks for your replies so far...maria
0 Kudos
Reply
Con O'Kelly
Honored Contributor

‎07-15-2003 10:21 PM

‎07-15-2003 10:21 PM

Re: registrar/tcp access denied

Hi Maria

To go back to Michaels point, is registrar enabled in /etc/inetd.conf?
# grep registrar /etc/inetd.conf and post the output.
I wouldn't use /etc/services to disable any services.
Any service should be disabled either through /etc/inetd.conf or via startup scripts (ie disable the startup script).

If you had no registrar service in inetd.sec to begin with, then this is not the problem. At this stage I wouldn't use inetd.sec.


Cheers
Con







0 Kudos
Reply
Peter Gillis
Super Advisor

‎07-15-2003 10:27 PM

‎07-15-2003 10:27 PM

Re: registrar/tcp access denied

Hello,
I have just replaced 127.0.0.1 portion of registrar line with the ip address of the actual host. Re-initialised and this is allowing connection according to the syslog. But (there just has to be one)
why wouldnt it work for 127.0.0.1???
Maria
0 Kudos
Reply
Peter Gillis
Super Advisor

‎07-15-2003 10:27 PM

‎07-15-2003 10:27 PM

Re: registrar/tcp access denied

Hello,
I have just replaced 127.0.0.1 portion of registrar line with the ip address of the actual host. Re-initialised and this is allowing connection according to the syslog. But (there just has to be one)
why wouldnt it work for 127.0.0.1???
Maria
0 Kudos
Reply
Peter Gillis
Super Advisor

‎07-15-2003 10:32 PM

‎07-15-2003 10:32 PM

Re: registrar/tcp access denied

Hi,
I made mistake in previous reply. Yes registrar is enabled in /etc/inetd.conf.

Maria
0 Kudos
Reply
Con O'Kelly
Honored Contributor

‎07-15-2003 10:44 PM

‎07-15-2003 10:44 PM

Re: registrar/tcp access denied

hi

Maybe Im missing something here but if you didn't have an entry for registrar in inetd.sec to begin with, then I don't understand how it is suddenly working with this change.
Also the IP address you put in inetd.sec is the local systems IP address??

If you have an entry in /etc/inetd.conf for registrar that is not commented out, then it should work. If you want to improve security etc then you can play around with inetd.sec.

When did you start to get these error messages?? Were any changes made to inetd.conf recently?

Cheers
Con


0 Kudos
Reply
Peter Gillis
Super Advisor

‎07-16-2003 05:06 PM

‎07-16-2003 05:06 PM

Re: registrar/tcp access denied

con,
Recent changes were in inetd.conf file - rpc entries were commented out:

#rpc xti tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdb
server
#rpc dgram udp wait root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd
recserv stream tcp nowait root /usr/lbin/recserv recserv -display :0
##
#rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd
#rpc dgram udp wait root /usr/lib/netsvc/rstat/rpc.rstatd 100001 2-4
rpc.rstatd
#rpc dgram udp wait root /usr/lib/netsvc/rusers/rpc.rusersd 100002 1-2
rpc.rusersd
#rpc dgram udp wait root /usr/lib/netsvc/rwall/rpc.rwalld 100008 1
rpc.rwalld
#rpc dgram udp wait root /usr/sbin/rpc.rquotad 100011 1 rpc.rquotad
#rpc dgram udp wait root /usr/lib/netsvc/spray/rpc.sprayd 100012 1
rpc.sprayd
regards,
Maria.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.