HPE Community
Operating System - HP-UX
1825002 Members
2810 Online
109678 Solutions
New Discussion юеВ

Superfluous NFS Daemon

 
SOLVED
Go to solution
Andrew Crowe_2
Advisor

тАО02-26-2003 12:50 AM

тАО02-26-2003 12:50 AM

Superfluous NFS Daemon

Hello,

Just had a Vulnerability report from HQ and it has said there is a high risk on one of my servers due to a "superfluous NFS daemon". I don't use NFS on this server so what is the best way to get rid of it, and stop it restarting at reboot. And just out of interest why would this be seen as a vulnerability?
By the way it is HP-UX 10.20

Any help would be great

Thanks

Andrew
0 Kudos
Reply
7 REPLIES 7
Sudhakar J_1
Advisor

тАО02-26-2003 01:08 AM

тАО02-26-2003 01:08 AM

Solution

Re: Superfluous NFS Daemon

Hi,

you can set the NFS_SERVER to 0 in /etc/rc.config.d/nfsconf file to stop the NFS server from starting upon reboot.

Other way is to rename the /sbin/rc3.d/S100nfs.server to s100nfs.server.

First one is recommended.

Regards

Sudhakar J
tomorrow is just another day
Reply
Sudhakar J_1
Advisor

тАО02-26-2003 01:48 AM

тАО02-26-2003 01:48 AM

Re: Superfluous NFS Daemon

Hi,

Just see this link you might very well accept that your HQ is right

http://hq.mcafeeasap.com/vulnerabilities/vuln_data/7000.asp
tomorrow is just another day
0 Kudos
Reply
Andrew Crowe_2
Advisor

тАО02-26-2003 01:48 AM

тАО02-26-2003 01:48 AM

Re: Superfluous NFS Daemon

Thanks Sudhakar J

Thats great. Its going to be a long as I have just had a 244 page Vulnerability document landed on my desk and I am a one man band as far as HP-UX is concerned so I expect I will be on this forum quite a lot over the next few days. Anyway I'm sure that I'll be learning a lot also, so that is good.

Does the same apply for SNMP and where can I disable that?
0 Kudos
Reply
Sudhakar J_1
Advisor

тАО02-26-2003 01:59 AM

тАО02-26-2003 01:59 AM

Re: Superfluous NFS Daemon

Hi,

You can disable the SNMP for every one in /etc/services files (just comment the entry).

If you want allow some mgmt workstations only to access the snmp on server use /var/adm/inetd.sec file to reestrict access to only few machines.


Regards

Sudhakar J
tomorrow is just another day
0 Kudos
Reply
Sudhakar J_1
Advisor

тАО02-26-2003 02:07 AM

тАО02-26-2003 02:07 AM

Re: Superfluous NFS Daemon

Hi,

forgot to tell after modifying your /etc/services file use kill -HUP yourinetdprocessid

to make inetd to reread the settings in services file.

Regards

Sudhakar J
tomorrow is just another day
0 Kudos
Reply
Andrew Crowe_2
Advisor

тАО02-26-2003 02:10 AM

тАО02-26-2003 02:10 AM

Re: Superfluous NFS Daemon

Sudhakar,

Believe me I take this document very seriously, I already some time ago commented out SNMP in /etc/services but this does not stop the daemon starting at boot
0 Kudos
Reply
ConnieK
Regular Advisor

тАО02-27-2003 09:38 AM

тАО02-27-2003 09:38 AM

Re: Superfluous NFS Daemon

Andrew,

You need to change the default in the configuration file from 1 to 0 or null. The Master SNMP start script will read the default of 1 in the config file and start. In 10.20, the master config file is /etc/rc.config.d/SnmpMaster. The other two are SnmpHpunix and SnmpMib2. You can change all of the 1's to 0's. This will stop snmpdm from starting at boot.

Hope this helps.

Connie K.
Independent by nature
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.