Installing and Administering Internet Services

Chapter 2: Installing and Configuring Internet Services
Configuring the Internet Daemon, inetd
3. Make sure /etc/inetd.conf is owned by user root and group
other, and make sure its permissions are set to 0444 (-r--r--r--).
For more information, type man 4 inetd.conf or man 1M inetd.
To Edit the /var/adm/inetd.sec File
The /var/adm/inetd.sec file is a security file that inetd reads to
determine which remote hosts are allowed access to the services on your
host. The inetd.sec file is optional; you do not need it to run the
Internet Services.
You can use either a text editor or SAM to edit the inetd.sec file. SAM
(System Administration Manager) is Hewlett-Packard’s windows-based
user interface for performing system administration tasks. To run SAM,
type sam at the HP-UX prompt. SAM has an extensive online help
facility.
1. If the /var/adm/inetd.sec file does not exist on your host, copy
/usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.
2. Create one line in inetd.sec for each service to which you want to
restrict access. Do not create more than one line for any service.
Each line in the /var/adm/inetd.sec file has the following syntax:
    service_name {allow | deny} host_specifier [host_specifier...]
where service_name is the first field in an entry in the
/etc/inetd.conf file, and host_specifier is a host name, IP
address, IP address range, or the wildcard character (*).
3. Make sure the /var/adm/inetd.sec file is owned by user root and
group other, and make sure its permissions are set to 0444
(-r--r--r--).
Following are some example lines from an inetd.sec file:
login allow 10.*
shell deny vandal hun
tftp deny *
The first example allows access to rlogin from any IP address
beginning with 10. The second example denies access to remsh and rcp
from hosts vandal and hun. The third example denies everyone access to
tftp.
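The rules in steps 2 and 3 can be checked mechanically before an edited file goes live. The script below is an added example, not part of the HP manual: the function names lint_inetd_sec and check_owner_mode are hypothetical, the sample files are constructed, and it assumes lines starting with # are comments in both files.

```shell
#!/bin/sh
# Added example (not from the HP manual): lint inetd.sec against the rules above.
# lint_inetd_sec SEC_FILE CONF_FILE: prints one finding per line, returns 1 if any.
# Assumption: lines whose first field starts with "#" are comments in both files.
lint_inetd_sec() {
    awk -v conf="$2" '
        BEGIN {   # collect service names: first field of each inetd.conf entry
            while ((getline line < conf) > 0) {
                n = split(line, f)
                if (n > 0 && f[1] !~ /^#/) known[f[1]] = 1
            }
        }
        NF == 0 || $1 ~ /^#/ { next }
        function report(msg) { print FILENAME ":" FNR ": " $1 ": " msg; bad = 1 }
        {
            if ($2 != "allow" && $2 != "deny") report("second field must be allow or deny")
            if (NF < 3)         report("no host_specifier")
            if (!($1 in known)) report("not a service in inetd.conf")
            if ($1 in seen)     report("duplicate of line " seen[$1])
            else                seen[$1] = FNR
        }
        END { exit bad }
    ' "$1"
}

# check_owner_mode FILE: succeeds only for owner root, group other, mode 0444.
check_owner_mode() {
    set -- $(ls -ld "$1")            # fields: mode links owner group ...
    case $1 in -r--r--r--*) ;; *) return 1 ;; esac
    [ "$3" = root ] && [ "$4" = other ]
}

# Constructed sample files, for demonstration only.
tmp=${TMPDIR:-/tmp}/inetdsec.$$
mkdir "$tmp"
cat > "$tmp/inetd.conf" <<'EOF'
login  stream tcp nowait root /usr/lbin/rlogind rlogind
shell  stream tcp nowait root /usr/lbin/remshd  remshd
tftp   dgram  udp wait   root /usr/lbin/tftpd   tftpd
EOF
cat > "$tmp/inetd.sec" <<'EOF'
login allow 10.*
shell deny vandal hun
tftp deny *
login deny vandal
telnet permit *
EOF
lint_inetd_sec "$tmp/inetd.sec" "$tmp/inetd.conf" || echo "fix inetd.sec before installing it"
rm -rf "$tmp"
```

On the constructed input the linter reports the second login line as a duplicate and the telnet line for both its keyword and its missing inetd.conf entry.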