- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Forbidden processes found
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-29-2009 04:15 PM
тАО10-29-2009 04:15 PM
chargen (Inetd)
daytime (Inetd)
discard (Inetd)
dtrc (Process)
dtspc (Inetd)
echo (Inetd)
exec (Inetd)
ident (Inetd)
instl_boots(Inetd)
klogin (Inetd)
kshell (Inetd)
ntalk (Inetd)
printer (Inetd)
recserv (Inetd)
rpc.statd (Process)
tftp (Inetd)
time (Inetd)
Note that some of them are listed as Inetd and some of them as Process, why is this?
Thank you.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-29-2009 06:08 PM
тАО10-29-2009 06:08 PM
Re: Forbidden processes found
The other ones (started from inetd) are marked as inetd.
For every process/service search google,wikipedia ...
Here is example - http://en.wikipedia.org/wiki/DAYTIME
regards,
ivan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-30-2009 02:18 AM
тАО10-30-2009 02:18 AM
Solution"(Process)" in the listing means that the respective service is running as an independent daemon process. In HP-UX, this usually means you can stop the service from starting by editing the appropriate file in /etc/rc.config.d/ directory.
Rpc.statd is one of the NFS common services. If your server neither exports nor mounts NFS filesystems, you can set NFS_CLIENT and NFS_SERVER to 0 in /etc/rc.config.d/nfsconf and then rpc.statd won't be started at system boot any more. Note that you must have NFS_CLIENT set to 1 if you wish to make network-based Ignite backups (make_net_recovery).
"(Inetd)" means this is a network service that is started on-demand by inetd. If no-one is using the service, you won't find it in the system's process list. The inetd process handles the actual network connection: the service proces gets the incoming data piped to it from inetd and the outgoing data is handled the same way.
Some of the services marked "(Inetd)" are implemented internally by the inetd process: these are chargen, daytime, discard, echo and time. All of these are very simple services.
Daytime and time just send the current system time back to whoever connects them and then close the connection. Daytime sends the time value in human-readable format; time uses machine-friendly format. These might be used for time synchronization by very simple network devices, but even the simplest modern managed switches have plenty of processing power to use proper time synchronization protocols like SNTP or NTP.
Chargen, discard and echo are designed as aids for network service debugging.
Chargen sends back an endless stream of characters, which may be useful for testing "what happens to a client software if the server goes insane?"
Discard is a network equivalent of /dev/null: it receives everything and sends back nothing.
Echo just sends back anything sent to it.
Some Denial-of-Service attacks have involved tricking a program to connecting to another server's chargen/echo/discard ports, so the current recommendation is to disable these services if you don't need it.
All the rest of processes marked "(Inetd)" can be identified by finding the service name in the left-most column of /etc/inetd.conf file, then looking towards the end of the line to find the name of the executable and reading the man page of the respective executable ("man
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-30-2009 07:29 AM
тАО10-30-2009 07:29 AM
Re: Forbidden processes found
Just comment out the services and restart inetd.
tftp is used to start ignite boots, as is instl_boots, they should be kept off except when actually booting an Ignite system.
Just see that none of these servcies are required for production before you shut them down.
The audit is right, they should not be used.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2009 12:55 AM
тАО11-02-2009 12:55 AM
Re: Forbidden processes found
if you want to know exactly what these do, you should read the manpage.
i might be saying rtfm, but there you presented a huge list.
the difference between process and inetd if that inetd processes are started when a network request on a certain port is made. processes are mostly daemons that start at boot and stay running in the background as long as the machine is up.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2009 10:09 AM
тАО11-02-2009 10:09 AM
Re: Forbidden processes found
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2009 11:32 AM
тАО11-02-2009 11:32 AM
Re: Forbidden processes found
man ident
man inst_boots
etc.
That will get you a few of them.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-04-2009 09:59 AM
тАО11-04-2009 09:59 AM
Re: Forbidden processes found
Can you help me getting a brief description of these 3 remaining ones:
dtrc (Process)
instl_boots(Inetd)
printer (Inetd)
Thank you!
Leonilo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-08-2009 01:40 AM
тАО11-08-2009 01:40 AM
Re: Forbidden processes found
I do not know (ask google
instl_boots(Inetd)
check:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1347323
it is used for the lan boot.
printer (Inetd)
this proces must be enabled if other servers are using this server as remote print server