
Re: /var/adm/inetd.sec

 
David Peacock
Frequent Advisor

/var/adm/inetd.sec

I am using /var/adm/inetd.sec to restrict ftp access to our server.

I have one line with
ftp allow X.X.X.X X.X.X.* etc...

Today I added an entry to this file.

Do I have to stop/start inetd daemon for the changes to take effect?

If I stop/start inetd will logged-in users lose their connection?
veni, vidi, vmstat
Christopher McCray_1
Honored Contributor
Solution

Re: /var/adm/inetd.sec

Hello,

You should only need to run:

# inetd -c

But, if you want to stop/start inetd, the users will not get kicked off.

Hope this helps

Chris
It wasn't me!!!!
Jeff Schussele
Honored Contributor

Re: /var/adm/inetd.sec

Nope - just need
inetd -c
that will cause the inetd to reread the conf & sec files.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Deshpande Prashant
Honored Contributor

Re: /var/adm/inetd.sec

Hi
Running "# inetd -c" will not affect any existing connections & will load the new config.

Thanks.
Prashant.
Take it as it comes.
Darrell Allen
Honored Contributor

Re: /var/adm/inetd.sec

Hi,

Sorry to disagree. I verified this on an 11.0 system.

You do not have to stop/start inetd when you change inetd.sec. Neither do you have to re-read the configuration (inetd -c).

If you do stop/start inetd, existing connections will not be dropped. New connections will be denied while inetd is stopped.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Jeff Schussele
Honored Contributor

Re: /var/adm/inetd.sec

Yep, Darrell's correct.
inetd reads /var/adm/inetd.sec at each connection & uses it to determine whether to accept it or not.

/Quote inetd.sec man pg:

When inetd accepts a connection from a remote system, it checks the address of the host requesting the service against the list of hosts to be allowed or denied access to the specific service (see inetd(1M)). The file inetd.sec allows the system administrator to control which hosts (or networks in general) are allowed to use the system remotely. This file constitutes an extra layer of security in addition to the normal checks done by the services. It precedes the security of the servers; that is, a server is not started by the Internet daemon unless the host requesting the service is a valid host according to inetd.sec.

/End Quote

So - bottom line - only /etc/inetd.conf changes require inetd -c. inetd.sec changes are real-time.
Good catch Darrell.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
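
A simplified model of the per-connection check described in the man page quote above, as an added example that is not part of the original thread and is not HP's implementation. It handles only numeric address patterns with `*` wildcards and `-` ranges; the function names, the sample addresses, and the last-entry-wins and prefix-match behaviour are assumptions.

```python
import os
import tempfile

def field_matches(pattern, octet):
    """One dotted field of an address pattern: '*', a range 'lo-hi', or a number."""
    if pattern == "*":
        return True
    if "-" in pattern:
        lo, hi = pattern.split("-", 1)
        return int(lo) <= int(octet) <= int(hi)
    return pattern == octet

def address_matches(pattern, addr):
    """Field-by-field compare; a pattern with fewer fields acts as a prefix (assumption)."""
    p, a = pattern.split("."), addr.split(".")
    return len(p) <= len(a) and all(field_matches(x, y) for x, y in zip(p, a))

def is_allowed(sec_path, service, addr):
    """Re-read the file on every call, mirroring the per-connection check in the thread."""
    verdict = True  # service not listed: this file imposes no restriction
    with open(sec_path) as fh:
        for line in fh:
            words = line.split("#", 1)[0].split()
            if len(words) < 3 or words[0] != service or words[1] not in ("allow", "deny"):
                continue
            # Host and network names are skipped: this model does no name resolution.
            pats = [w for w in words[2:] if set(w) <= set("0123456789.*-")]
            hit = any(address_matches(p, addr) for p in pats)
            verdict = hit if words[1] == "allow" else not hit  # last entry wins (assumption)
    return verdict

def demo():
    """Constructed sample: the file is edited between two checks, with no reload step."""
    with tempfile.NamedTemporaryFile("w", suffix=".sec", delete=False) as fh:
        fh.write("ftp allow 192.0.2.10 198.51.100.*\n")
        path = fh.name
    try:
        before = is_allowed(path, "ftp", "203.0.113.7")
        with open(path, "w") as fh:
            fh.write("ftp allow 192.0.2.10 198.51.100.* 203.0.113.1-9\n")
        after = is_allowed(path, "ftp", "203.0.113.7")
        return before, after
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

Running a check like this against a copy of the real file before saving it is a quick way to confirm that a new entry admits only the addresses intended.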