HPE Community
Operating System - HP-UX
1834275 Members
3518 Online
110066 Solutions
New Discussion

Security Access

 
Ray Bell
Regular Advisor

‎06-06-2001 07:54 AM

‎06-06-2001 07:54 AM

Security Access

I want to disable all the R's (remsh, rlogin, rcp and etc) on my server and allow certain i.p. address to acces my server. I tried to set up up in file /var/adm/inetd.sec but must have not implement it correctly. I need some assistance. Also do anyone know a good web site that talk about security issues and patching up your server against hackers.
0 Kudos
Reply
6 REPLIES 6
James R. Ferguson
Acclaimed Contributor

‎06-06-2001 08:02 AM

‎06-06-2001 08:02 AM

Re: Security Access

Hi Ray:

Here's one specifically for HP-UX, for starters:

http://secinf.net/info/unix/secureHP-UX.html

...JRF...
0 Kudos
Reply
Mark Fenton
Esteemed Contributor

‎06-06-2001 02:39 PM

‎06-06-2001 02:39 PM

Re: Security Access

Ray, the inetd.sec file should be composed of lines like:

telnet allow 192.168.*
rlogin allow *.mynetwork.net

or you can tool it down to a particular host.

Happy locking down...
0 Kudos
Reply
Peggy Fong
Respected Contributor

‎06-07-2001 05:55 AM

‎06-07-2001 05:55 AM

Re: Security Access

There is a document on building a bastion host that is very comprehensive...and is a good starting place. It does cover disabling the r* and many other things for hp.
For 11.X
http://people.hp.se/stevesk/bastion11.html

For 10.X
http://people.hp.se/stevesk/bastion10.html

The security forum has many good things as well just do searches for topics and you should find good info as well as references to sites for public domain code, etc.

The previous references are great starting points as well for HP security.

Regards,
Peggy
0 Kudos
Reply
Peggy Fong
Respected Contributor

‎06-07-2001 05:57 AM

‎06-07-2001 05:57 AM

Re: Security Access

BTW
If you want to completely disable the r* services (rcp, remsh, rlogin..) and only allow telnet, then you need to comment them out of /etc/inetd.conf and then re-read the file by running 'inetd -c'

Then use inetd.sec to allow telnet from certain subnets or ip addresses....


Peggy
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎06-07-2001 07:10 AM

‎06-07-2001 07:10 AM

Re: Security Access

Also remember to read the man pages. These are not written for rocket scientists, and are handy on all platforms.
>man inetd.sec
will give you plenty of information, and examples on building the file correctly, even tell you to run inetd -c to implement the changes while inetd is running.

Reading about bastion hosts, and C2 security is fine, but not really practical for a newbie.

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.