Re: shutdown ports

 
SOLVED
Go to solution
Ratzie
Super Advisor

shutdown ports

I had a security audit done on my HP 11.00 server and would like to shut down some ports that are not being used.
I know that you can modify the /etc/inetd.conf file for some but I have some others that I need to shut down...
Where do I do that?

25 smtp
80 http
111 SunRPC
119 News
135 epmap
512
1080
8080
68 bootpc


As well as shut down the smtp server and the snmp service
Paula J Frazer-Campbell
Honored Contributor
Solution

Re: shutdown ports

Hi

/etc/services

Paula
If you can spell SysAdmin then you is one - anon
Steven E. Protter
Exalted Contributor

Re: shutdown ports

This product might help as well.

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA

IPFilter.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
RAC_1
Honored Contributor

Re: shutdown ports

/etc/services is the file.
There is no substitute to HARDWORK
Uday_S_Ankolekar
Honored Contributor

Re: shutdown ports

/etc/services file. We can just put # at the beginning of the line for which you don't need

-USA...
Good Luck..
Bill Hassell
Honored Contributor

Re: shutdown ports

Actually, /etc/services is a documentation file and while some programs that open the listed port will not run if the service is not listed, that's not a guarantee. In Unix, unless there is a program that has opened the port (like inetd or httpd) then the port is closed. Now smtp is usually handled by sendmail so kill the sendmail daemon, then edit /etc/rc.config.d/mailservs to not start sendmail upon reboot. For http, unless you have installed a web server like Apache, then the web ports (8080 1080 80) are closed. To turn off NFS port, make sure the file /etc/rc.config.d/nfsconf has all the services set =0. To stop ports like 512 (rexec) and others, edit /etc/inetd.conf and run inetd -c when you are done.


Bill Hassell, sysadmin
A. Clay Stephenson
Acclaimed Contributor

Re: shutdown ports

Actually, editing /etc/services might make you feel better but it really does nothing to enhance security. /etc/services only does portname to portnumber mapping to make things a bit easier for us dumb humans but any intruder software is going to bang on the port using the number. You really have to edit /etc/inetd.conf to disable the services and then tell inetd that you have done it by inetd -c. In a few cases editing inetd.conf is not sufficient because the daemon may be started by an /sbin/rcN.d script --- or may even require a manual start.
If it ain't broke, I can fix that.
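A worked version of the procedure in Bill's and Clay's replies (edit /etc/inetd.conf rather than /etc/services, then tell inetd about it), as an added example that is not from this thread, from HP, or from any of the posters. It maps the audited port numbers to service names through an /etc/services excerpt, checks whether inetd is what starts that service, and comments the line out of a copy of inetd.conf. The services excerpt, the inetd.conf excerpt and the port list are constructed sample data; on a real HP-UX 11.00 host you would point the functions at the live files, review the result, and run inetd -c so inetd rereads its configuration. Ports whose service is not in inetd.conf (smtp here) are reported so you know to look for a standalone daemon such as sendmail instead.

```shell
#!/bin/sh
# Added example (not from the thread): map audited port numbers to the
# inetd-managed services that own them and comment those services out of a
# working copy of inetd.conf. All input files below are constructed samples.

WORK=${TMPDIR:-/tmp}/inetd_audit.$$
mkdir -p "$WORK"

# Constructed excerpt of /etc/services (name port/proto) -- sample data only.
cat > "$WORK/services" <<'EOF'
ftp        21/tcp
telnet     23/tcp
smtp       25/tcp
sunrpc    111/tcp
exec      512/tcp
login     513/tcp
shell     514/tcp
EOF

# Constructed excerpt of /etc/inetd.conf -- sample data only.
cat > "$WORK/inetd.conf" <<'EOF'
ftp    stream tcp nowait root /usr/lbin/ftpd    ftpd -l
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
exec   stream tcp nowait root /usr/lbin/rexecd  rexecd
login  stream tcp nowait root /usr/lbin/rlogind rlogind
shell  stream tcp nowait root /usr/lbin/remshd  remshd
EOF

# port_to_service PORT SERVICESFILE -> prints the tcp service name, or nothing.
port_to_service() {
    awk -v p="$1" '$1 !~ /^#/ && $2 == (p "/tcp") { print $1; exit }' "$2"
}

# inetd_manages SERVICE INETDCONF -> exit 0 if an uncommented line exists for it.
inetd_manages() {
    awk -v s="$1" '$1 == s { found = 1 } END { exit !found }' "$2"
}

# disable_service SERVICE INETDCONF -> comments out the active line(s).
# Idempotent: a line that already starts with "#service" no longer matches.
disable_service() {
    tmp="$2.tmp"
    awk -v s="$1" '$1 == s { print "#" $0; next } { print }' "$2" > "$tmp" && mv "$tmp" "$2"
}

# active_services INETDCONF -> space-separated list of services still enabled.
active_services() {
    awk '$1 !~ /^#/ && NF > 0 { printf "%s ", $1 }' "$1" | sed 's/ $//'
}

# audit_and_disable "PORT PORT ..." SERVICESFILE INETDCONF -> for each port,
# report whether inetd owns it and disable it if so.
audit_and_disable() {
    for port in $1; do
        svc=$(port_to_service "$port" "$2")
        if [ -z "$svc" ]; then
            echo "$port: not in services file (check for a standalone daemon)"
        elif inetd_manages "$svc" "$3"; then
            disable_service "$svc" "$3"
            echo "$port: $svc disabled in $3"
        else
            echo "$port: $svc is not started by inetd (standalone daemon, or already closed)"
        fi
    done
}

# Ports taken from the audit list in the question; 513 added to show a second hit.
audit_and_disable "25 512 513 8080" "$WORK/services" "$WORK/inetd.conf"
echo "Still enabled: $(active_services "$WORK/inetd.conf")"
echo "Working copies left in $WORK for inspection"
```

Running it reports 25 as an smtp service that inetd does not start (sendmail is a standalone daemon, handled as Bill describes), comments out exec and login, and leaves 8080 unresolved because nothing in the services excerpt owns it; the real files are only touched once you substitute them for the constructed copies.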
James A. Donovan
Honored Contributor

Re: shutdown ports

I highly recommend reviewing this document.

http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html

Excellent source of information on how to secure your HP-UX server.
Remember, wherever you go, there you are...
Todd McDaniel_1
Honored Contributor

Re: shutdown ports

In addition, to add some more security to your box...

I would highly suggest utilizing /etc/hosts.allow(deny files) similar to what I have done...

This will DISALLOW ALL SERVICES except what you have defined to be available here for remote access... I strongly recommend it...

Here is an additional link I found about config and syntax for hosts.allow/deny.


http://ezine.daemonnews.org/200206/hosts_allow.html


# cat /etc/hosts.allow
#all : all : banners=/usr/localcw/opt/sysguard/banners : allow
ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
telnetd : all : banners=/usr/localcw/opt/sysguard/banners : allow
tftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
logind : all : banners=/usr/localcw/opt/sysguard/banners : allow
rlogind : all : banners=/usr/localcw/opt/sysguard/banners : allow
remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow
sidftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow
sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow

# cat /etc/hosts.deny
# Deny all hosts
ALL : ALL
Unix, the other white meat.
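To see what a hosts.allow / hosts.deny pair like Todd's actually decides before putting it on a box, here is a small evaluator of the TCP wrapper access-control order. It is an added example, not code from this thread or from the TCP wrappers package: the first matching rule in hosts.allow grants, otherwise the first matching rule in hosts.deny refuses, otherwise access is granted, and a trailing "allow" or "deny" option on a rule (the extended syntax Todd's file uses) overrides the verdict of the file it sits in. The sample files are constructed; other options such as banners=, EXCEPT lists, and hostname or user lookups are not modelled.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate a daemon/client pair against
# constructed hosts.allow and hosts.deny files using the libwrap lookup order.

TW=${TMPDIR:-/tmp}/tcpd_check.$$
mkdir -p "$TW"

# Constructed sample files (not a real configuration).
cat > "$TW/hosts.allow" <<'EOF'
# daemon : client : options
sshd    : ALL            : allow
telnetd : 10.1.2.        : allow
ftpd    : .corp.example  : deny

EOF
cat > "$TW/hosts.deny" <<'EOF'
# Deny all hosts
ALL : ALL
EOF

# match_rule DAEMON CLIENT FILE DEFAULT_VERDICT
# Prints the verdict of the first rule in FILE that matches, or nothing.
match_rule() {
    awk -F: -v d="$1" -v c="$2" -v v="$4" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # A list entry matches a name if it is ALL, equal to the name,
    # a "10.1.2." network prefix, or a ".corp.example" domain suffix.
    function matches(list, name,   n, i, a, p) {
        n = split(list, a, /[ \t,]+/)
        for (i = 1; i <= n; i++) {
            p = a[i]
            if (p == "") continue
            if (toupper(p) == "ALL") return 1
            if (p == name) return 1
            if (p ~ /\.$/ && index(name, p) == 1) return 1
            if (p ~ /^\./ && length(name) > length(p) && substr(name, length(name) - length(p) + 1) == p) return 1
        }
        return 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        if (matches(trim($1), d) && matches(trim($2), c)) {
            last = trim($NF)
            if (NF > 2 && (last == "allow" || last == "deny")) print last
            else print v
            exit
        }
    }' "$3"
}

# hosts_access_decision DAEMON CLIENT ALLOWFILE DENYFILE -> prints allow|deny
hosts_access_decision() {
    verdict=$(match_rule "$1" "$2" "$3" allow)
    if [ -n "$verdict" ]; then echo "$verdict"; return; fi
    verdict=$(match_rule "$1" "$2" "$4" deny)
    if [ -n "$verdict" ]; then echo "$verdict"; return; fi
    echo allow   # no rule matched in either file: libwrap grants access
}

# Probe a few constructed daemon/client pairs against the sample files.
for probe in "sshd 192.0.2.10" "telnetd 10.1.2.7" "telnetd 192.0.2.10" \
             "ftpd host.corp.example" "rexecd 192.0.2.10"; do
    set -- $probe
    echo "$1 from $2: $(hosts_access_decision "$1" "$2" "$TW/hosts.allow" "$TW/hosts.deny")"
done
```

The last probe is the point of the "ALL : ALL" line in hosts.deny: a daemon with no hosts.allow entry is refused only because hosts.deny catches it, and with an empty hosts.deny the same request would be granted, which is why the deny file is what makes the allow file a whitelist.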
Karthik S S
Honored Contributor

Re: shutdown ports

HP-UX Security products and functionalities,

http://www.hp.com/products1/unix/operating/security/

http://downloads.securityfocus.com/library/bastion.html

-Karthik S S
For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn