Operating System - HP-UX
Terrence
Regular Advisor

Removing services from inetd.conf

What is everyone's opinion about what to keep and what to lose from inetd.conf from a security perspective? Half the stuff I don't even know what it's for. In particular:

time stream tcp nowait root internal

dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd

rpc dgram udp wait root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd (Calendar?)

recserv stream tcp nowait root /usr/lbin/recserv recserv -display :0

registrar stream tcp nowait root /etc/opt/resmon/lbin/registrar /etc/opt/resmon/lbin/registrar

It seems to be a given that I can safely remove these:

chargen
ntalk
bootps
daytime
echo
discard
ident

Less is more? (secure that is)
Steven E. Protter
Exalted Contributor

Re: Removing services from inetd.conf

If you don't have users that need it, you are better off without the security vulnerabilities.

Most shops need ftp and telnet, but you are better off with secure shell, which is not run out of inetd.conf.

I'd stay away from anything that starts with an r, because most of those are insecure Berkeley protocols which can be functionally replaced by secure shell.

Here is a link for the free secure shell software from HP, replacing telnet, ftp and rcp.

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Michael Tully
Honored Contributor

Re: Removing services from inetd.conf

You can safely add 'finger' to that list.

dtspc is to do with CDE.
Some 'rpc' are to do with NFS services.
'resmon' is to do with the EMS monitoring.
Anyone for a Mutiny?
Sridhar Bhaskarla
Honored Contributor
Solution

Re: Removing services from inetd.conf

Hi,

Yes. One good rule is to disable everything and enable only what you need. For the services you enable, you may want to configure /var/adm/inetd.sec for further restrictions.

time - returns the time on the system. For ex.,

telnet localhost 37

dtspcd, rpc.cmsd are CDE services.

registrar is used by EMS. If you are monitoring the resources using EMS, then you want to leave it enabled.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
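As an added example (not from the thread or from HP), a small POSIX shell/awk script for the approach in this answer: comment out everything in inetd.conf except an explicit keep list, then report which of the remaining services have no /var/adm/inetd.sec rule at all. The sample inetd.conf and inetd.sec lines are constructed, and the inetd.sec layout assumed is `service allow|deny host-list`.

```shell
# Constructed sample inetd.conf lines (not from the poster's system).
SAMPLE_INETD_CONF='ftp     stream tcp nowait root /usr/lbin/ftpd       ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd    telnetd
time    stream tcp nowait root internal
chargen stream tcp nowait root internal
dtspc   stream tcp nowait root /usr/dt/bin/dtspcd   /usr/dt/bin/dtspcd
rpc     dgram  udp wait   root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd
#finger stream tcp nowait bin  /usr/lbin/fingerd    fingerd'

# Constructed sample /var/adm/inetd.sec; assumed layout: service allow|deny hosts
SAMPLE_INETD_SEC='ftp    allow 10.1.1.*
telnet allow 10.1.1.* adminhost'

# Read inetd.conf on stdin; print it with every active service not named in
# $1 (space-separated keep list) commented out. RPC lines are matched by the
# basename of the server program, e.g. rpc.cmsd, since field 1 is just "rpc".
disable_unlisted() {
    awk -v keep="$1" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }      # comments and blanks pass through
    {
        name = $1
        if (name == "rpc") { m = split($6, p, "/"); name = p[m] }
        if (name in ok) print; else print "#" $0  # disable by commenting out
    }'
}

# Print the names of the active (uncommented) services in inetd.conf on stdin.
active_services() { awk '!/^[ \t]*#/ && NF { print $1 }'; }

# Read inetd.conf on stdin and inetd.sec text in $1; print active services with
# no allow/deny rule at all, i.e. still reachable from any host.
unrestricted_services() {
    active_services | awk -v sec="$1" '
    BEGIN { n = split(sec, lines, "\n")
            for (i = 1; i <= n; i++) { split(lines[i], f, " "); ruled[f[1]] = 1 } }
    !($1 in ruled) { print $1 }'
}

# Usage: hardened config, then what is still unrestricted if time is kept too.
printf '%s\n' "$SAMPLE_INETD_CONF" | disable_unlisted "ftp telnet"
printf '%s\n' "$SAMPLE_INETD_CONF" | disable_unlisted "ftp telnet time" \
    | unrestricted_services "$SAMPLE_INETD_SEC"   # prints: time
```

On a real host, run disable_unlisted against a copy of /etc/inetd.conf, diff it, install it, and then make inetd reread its configuration; the second check is the reminder that an enabled service with no inetd.sec entry is open to every host.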
Terrence
Regular Advisor

Re: Removing services from inetd.conf

One thing I wonder is, if I remove all the CDE stuff, will I still be able to use X Windows for things like Omniback and Bastille?
George Liu_2
Frequent Advisor

Re: Removing services from inetd.conf

For those simple servers, you may safely remove them.

But a more favorable way is to protect them with tcp-wrapper.

From there, you may specify who can or cannot access your individual services.

For the sshd service, if you are as lazy as me, I suggest not using it, since there are too frequent ssl and ssh patches and lots of attacks against ssh.

Hope this helps.
Terrence
Regular Advisor

Re: Removing services from inetd.conf

Whoa, does anyone else agree with George on secure shell? I've been led to believe using them was a slam dunk must do.
George Liu_2
Frequent Advisor

Re: Removing services from inetd.conf

Here is the entire list of security watches and warnings since the year 2000 in a real production organization. You'll see the frequent occurrence of ssh.


20030319 Watch Vulnerability in Remote Procedure Call libraries
20030318 Watch Samba Buffer Overflow
20030317 Warning Windows 2000 - Microsoft IIS 5.0 (Only) Unchecked Buffer Overflow
20030305 Watch Snort Vulnerability
20030228 Watch Remote Root Vulnerability In Sendmail
20030126 Warning Microsoft SQL Slammer Worm
20021008 Warning W32/Bugbear@MM Worm
20020916 Warning Apache/mod_ssl Worm
20020719 Watch Web Server Reconnaissance
20020805-2 Watch SSL Vulnerability
20020805-1 Watch OpenSSH Trojan
20020716 Warning Multiple Systems Compromised
20020521 Warning New MS SQL Worm
20020221 Warning Vulnerability in CDE
20020219 Warning WU-FTPD name globbing vulnerability
20011204 Warning W32/Goner@MM Worm Activity
20011130 Warning Continued Threats Made Against U.S. Government Systems
20011120 Warning SSHD Vulnerability
20011025 Warning UPDATE: Threats Made Against U.S. Government Systems
20011019 Warning Threats Made Against U.S. Government Systems
20010918 Warning W32/Nimda@MM Worm
20010910 Warning W32/Magistr.b@MM Virus
20010831 Watch Vulnerability in Printer Service
20010807 Warning (Upgrade in Status) Vulnerability in Telnet Service
20010725 Watch Vulnerability in Telnet Service
20010723 Warning W32/SirCam@MM (SirCam) Malicious Code
20010719 Warning Code Red Worm Threat
20010213 Warning VBS/SST (Anna Kournikova) Malicious Code
20010130 Warning Multiple Vulnerabilities in BIND
20000817 Warning Attack Alert
20000810 Watch Vulnerabilities In Netscape Communicator
20000717 Watch Multiple NOAA Web Server Home Page Defacements
20000712 Watch Washington University FTP server (wu-ftpd) vulnerabilities
20000620 Watch Virus - IRC/Stages.worm
20000601 Watch Cybernet Macro Virus
20000518 Watch I Love You Virus
Sridhar Bhaskarla
Honored Contributor

Re: Removing services from inetd.conf

Hi,


I am not sure if it is going to affect Omniback, but surely not Bastille. I would suggest a conservative approach: disable them one by one and then make sure you don't get any complaints from the users. cmsd is the calendar manager and users may be using it.

recserv is used by the SharedX service. You may not need it either.

Regarding ssh, I prefer to use it over the standard tools. Vulnerabilities are common even in vendor-supported software, but we cannot take that as an excuse to send data in cleartext. Sending passwords in cleartext in particular is always vulnerable. You can use HP's secure shell if you want support.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try