Operating System - Tru64 Unix

Nabil_11
Frequent Advisor

port control

Hi,

Is there any software to install on Tru64 to control the opened ports?
I have TruCluster on 5.1.


Please advise

Regards

Nabil
Hein van den Heuvel
Honored Contributor

Re: port control



Here is one of many recent articles on 'port control':

http://www.msnbc.msn.com/id/10704051/

:-)

Sorry, couldn't help myself considering your name & stated country.

Seriously though, please try to clarify your question for better help.
Are you making or using a daemon?
A standard task (FTP, NTP,...) or your own application?
Something to do with /etc/services and reserved port ranges perhaps?

Kindest regards,
Hein.



Nabil_11
Frequent Advisor

Re: port control

Thanks for your reply,

Actually, I have one important customer in Jordan who needs to secure TruCluster servers.
With the netstat command there are too many ports in listening status, so we need to know which ports to open and which to close.
Of course I know all the known ports in /etc/services and I know how to close them.

Regards
Steven Schweda
Honored Contributor

Re: port control

> [...] we need to know which port to open
> and which to close

Close the ones which you don't use, and leave
open the ones which you do use. How can
anyone else know which is which?

Many people put an IP router between an
external network and the internal systems
which should be protected. Even a simple
router will offer some port filtering
capability.
Ivan Ferreira
Honored Contributor

Re: port control

Please do not remove the "r" services (rlogin, rsh, etc). They are required for the proper function of the TruCluster Software. I would also recommend the use of a firewall device in front of the cluster.
Why do it the hard way, when you can do it the easy way?
Al Licause
Trusted Contributor

Re: port control

RE: The use of the rcommands on a cluster.
While it is true that the clusters require the rcommands to pass information and status checks, you can substitute the use of ssh for the rutils by enabling EnforceSecureRutils in the /etc/ssh2/ssh2_config file on each system.

This will force the system to use s* commands anytime an r* command is used.

For more on this see section B.4 in the v5.1b Security Administration guide in the online docs.

Nabil_11
Frequent Advisor

Re: port control

Many thanks to all,

Actually, there is a firewall for the outside network.
But my customer wants to be sure that there is no weak point that inside people could use, with an existing open port as a hole, to log in to the system. I'm trying to convince them that's not possible, but when they execute netstat they find too many listening ports. They need to know, for every listening port, what purpose it serves. If it's OK and normal, fine. But if there is a hole in one of these ports, I need to close it.


Regards
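
The inventory asked for in the last post (every listening port mapped to a named purpose) can be started mechanically. This is an added example, not code from anyone in the thread. It assumes BSD-style `netstat -an` columns (local address in column 4, written as address.port) and an /etc/services-format file; the function name `audit_ports` and all sample lines are constructed.

```shell
#!/bin/sh
# Added example: list listening TCP/UDP ports and the name the services
# file gives them, flagging ports that have no entry at all.
# Usage: audit_ports NETSTAT_OUTPUT_FILE SERVICES_FILE
audit_ports() {
    awk '
    NR == FNR {                        # first file: services database
        sub(/#.*/, "")                 # drop trailing comments
        if (NF >= 2) svc[$2] = $1      # key looks like "22/tcp"
        next
    }
    # Second file: netstat lines. TCP listeners carry the state LISTEN;
    # UDP has no state, so a wildcard foreign address marks a bound socket.
    $1 ~ /^(tcp|udp)/ {
        proto = substr($1, 1, 3)
        if (proto == "tcp" && $NF != "LISTEN") next
        if (proto == "udp" && $5 != "*.*") next
        n = split($4, part, ".")       # port is the last dot-separated field
        port = part[n]
        if (port == "*") next
        key = port "/" proto
        if (seen[key]++) next          # report each port/protocol once
        print key, ((key in svc) ? svc[key] : "UNKNOWN"), $4
    }' "$2" "$1"
}

# Constructed sample input (not taken from a real system).
tmp=$(mktemp -d)
cat > "$tmp/netstat.txt" <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp        0      0  *.22               *.*                LISTEN
tcp        0      0  *.513              *.*                LISTEN
tcp        0      0  *.6543             *.*                LISTEN
tcp        0      0  10.0.0.5.22        10.0.0.9.40211     ESTABLISHED
udp        0      0  *.111              *.*
EOF
cat > "$tmp/services" <<'EOF'
ssh     22/tcp
login   513/tcp
sunrpc  111/udp   portmapper   # RPC
EOF
audit_ports "$tmp/netstat.txt" "$tmp/services"
rm -rf "$tmp"
```

A name in the second column only shows what the services file calls that port, not which daemon actually holds it, so both named and UNKNOWN ports still need tracing to an owning process before a keep-or-close decision.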