HPE Community
Operating System - HP-UX
1834170 Members
2617 Online
110064 Solutions
New Discussion

Remove unused inetd service

 
Sonny_8
Occasional Advisor

‎01-16-2003 08:12 PM

‎01-16-2003 08:12 PM

Remove unused inetd service

Hi All
My sever is run web application, but for internal used not for public. My server have ORACLE 9.2.01 database+ Oracle9ias 9.0.3( Infra + midtier( Webcache+J2ee)) For the security purpose ,I would like to remove some service that not in use.

the following is the service , I plan to remove. I am not sure would be any issue on my server or not.

tftp, shell, exec, uucp, htalk, ident, printer, daytime (stream), daytime (dgram), time (stream), time (dgram), echo (stream), echo (dgram), discard (stream), discard (dgram), chargen (stream), chargen (dgram), kshell, swat, registrar

Any idea or thought would be apprecitaed

Thanks in advance
Sonny
Timezone id
0 Kudos
Reply
4 REPLIES 4
Michael Tully
Honored Contributor

‎01-16-2003 08:25 PM

‎01-16-2003 08:25 PM

Re: Remove unused inetd service

As long as you can connect to the system, you don't even need to have telnet and ftp. You can implement 'ssh/sftp'. This will basically secure your system. If you need to 'ftp' and 'telnet' the rest are okay to disable. Once you've edited the /etc/inetd.conf file, you reset the 'inetd' process by running 'inetd -c'
Anyone for a Mutiny ?
0 Kudos
Reply
Michael Tully
Honored Contributor

‎01-16-2003 09:42 PM

‎01-16-2003 09:42 PM

Re: Remove unused inetd service

Hi,

You can get a copy of SSH (Secure Shell) from here:

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

Whilst your on the subject of security, you might also look into using 'sudo' which you can get from here:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/

and bastille from here:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

and last but not least the bastion white paper:

http://people.hp.se/stevesk/bastion11.html

HTH
Michael
Anyone for a Mutiny ?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎01-16-2003 09:52 PM

‎01-16-2003 09:52 PM

Re: Remove unused inetd service

I guess you could just stop runing the inetd daemon but thats a little extreme.

I'll upload you a doc that will show you how to use ssh, scp instead of rlogin and rcp.

I suggest you get rid of anything that starts with an r and anything that transmits its passwords in clear text, such as telnet and ftp.

Try Bastille, it handles other security issues that you have yet to address, at least in the post.

https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6849AA&date=

It's free. If nobody posts it when I get to work, I'll post you a doc that says how to exchange public keys which is critical to using scp instead of rcp and ssh instead of rlogin.

good luck

Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎01-17-2003 07:33 AM

‎01-17-2003 07:33 AM

Re: Remove unused inetd service

Here is the ssh doc I promised Sir.

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.