HPE Community
Operating System - HP-UX
1836995 Members
2304 Online
110111 Solutions
New Discussion

Services Running

 
Nancy Verkamp
Occasional Contributor

‎07-31-2001 04:00 AM

‎07-31-2001 04:00 AM

Services Running

We are wanting to secure our HPUX (10.20 and 11.0) by stopping services that are not/should not be used. Is there a resource to assist us with this? Has anyone else done this recently that can suggest a method that worked for them?
0 Kudos
Reply
5 REPLIES 5
Rainer von Bongartz
Honored Contributor

‎07-31-2001 04:25 AM

‎07-31-2001 04:25 AM

Re: Services Running

Try this ressources:

http://people.hp.se/stevesk/bastion11.html
http://people.hp.se/stevesk/bastion10.html
http://secinf.net/info/unix/secureHP-UX.html
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎07-31-2001 04:30 AM

‎07-31-2001 04:30 AM

Re: Services Running

Hi Nancy:

You can comment-out the services you do not need in /etc/inetd.conf (e.g. 'echo, 'chargen', etc.) and restart the 'inetd' daemon:

# /usr/sbin/inetd -c

...JRF...
0 Kudos
Reply
Ravi_8
Honored Contributor

‎07-31-2001 04:38 AM

‎07-31-2001 04:38 AM

Re: Services Running

Hi,
inetd is the process that supervises the internet.
if you don't want any kind of activities in your system comment all the RPC lines in /etc/inetd.conf file. excecute the command 'inetd -c' , this will stop all RPC processes and kill the inetd process.
never give up
0 Kudos
Reply
Harinath N
Frequent Advisor

‎07-31-2001 06:29 PM

‎07-31-2001 06:29 PM

Re: Services Running

Hi Nancy,

To secure your system, you can comment the required ARPA/Berkeley services (telnet, ftp, rlogin, etc.) in /etc/inetd.conf file.
Incase if you want allow these services for some particular users, then you can enable security level for inet services using /var/adm/inetd.sec file(refer man page for inetd.sec entry). Any changes performed in /etc/inetd.conf file can be brought into effect by using "inetd -c" command, which will reconfigure the Internet daemon by rereading the config. file once again.

Further security of your system can be acheived by ensuring proper file permissions(recommended : 644 and in some case 664).

Hope this will help a bit.

Regards,
N.Harinath.
0 Kudos
Reply
Thomas D. Harrison
Frequent Advisor

‎08-01-2001 11:55 AM

‎08-01-2001 11:55 AM

Re: Services Running

Nancy,

I'm looking into the same issue myself. I'd recommend the following methodology.

1) Turn on as much logging as you can. This would include modifying syslog.conf. Also do a man on the various daemons to see if there are log options available. (e.g. ftpd has logging options.)

2) After a "suitable" period of time, view these logs.
It might be helpful in the case of /var/adm/syslog/syslog.log to do the following:

cat /var/adm/syslog/syslog.log | grep rpcbind > rpcbind.log
cat /var/adm/syslog/syslog.log | grep LVM > LVM.log
etc...

3) Upon implementation, I would recommend having some tests clearly defined in advance, as well as having the fall back clearly planned.

I wish I could be more help but this is the first time
I'm doing this as well.

Good Luck and let us know if you run across any Einstein-ish ideas as you work on it!
Imbibo ergo sum.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.