HP-UX Internet Services Administrator's Guide (May 2010)

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
tftp dgram udp wait root /usr/lbin/tftpd tftpd
bootps dgram udp wait root /usr/lbin/bootpd bootpd
finger stream tcp nowait bin /usr/lbin/fingerd fingerd
login stream tcp nowait root /usr/lbin/rlogind rlogind
shell stream tcp nowait root /usr/lbin/remshd remshd
exec stream tcp nowait root /usr/lbin/rexecd rexecd
To disable any of these services, comment out the line by typing a pound sign (#)
as the first character on the line.
2. After modifying the /etc/inetd.conf file, type the following command to force
inetd to read its configuration file:
/usr/sbin/inetd -c
3. Make sure /etc/inetd.conf is owned by user root and group other, and
make sure its permissions are set to 0444 (-r--r--r--).
For more information, type man 4 inetd.conf or man 1M inetd at the HP-UX
prompt.
Editing the /var/adm/inetd.sec File
The /var/adm/inetd.sec file is a security file that inetd reads to determine which
remote hosts are allowed to access the services on your host. The inetd.sec file is
optional; you do not need this file to run the Internet Services.
To edit the inetd.sec file using a text editor or SAM, complete the following steps:
1. If the /var/adm/inetd.sec file does not exist on your host, copy
/usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.
2. Create one line in inetd.sec for each service to which you want to restrict access.
Do not create more than one line for any service.
Each line in the /var/adm/inetd.sec file has the following syntax:
service_name {allow | deny} host_specifier [host_specifier...]
where service_name is the first field in an entry in the /etc/inetd.conf file,
and host_specifier is a host name, IP address, IP address range, or the wildcard
character (*).
3. Make sure the /var/adm/inetd.sec file is owned by user root and group
other, and make sure its permissions are set to 0444 (-r--r--r--).
Following are some example lines from an inetd.sec file:
login allow 10.*
shell deny vandal hun
tftp deny *
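The one-line-per-service, syntax, ownership and mode rules above can be checked on copies of the two files before they are installed. The script below is an added example, not part of the HP guide; the function names, the demo directory and the sample files are constructed for illustration, and it assumes that a line starting with # is a comment in inetd.sec as it is in inetd.conf.

```shell
#!/bin/sh
# Added example: checks to run on inetd.conf / inetd.sec copies before installing them.

# lint_inetd_sec CONF SEC: print one finding per line, return non-zero if any.
# Assumption: lines starting with '#' are comments in both files.
lint_inetd_sec() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        FILENAME == ARGV[1]   { active[$1] = 1; next }  # enabled inetd.conf services
        {
            if (seen[$1]++) { print FILENAME ":" FNR ": more than one line for " $1; bad = 1 }
            if (NF < 3 || ($2 != "allow" && $2 != "deny")) {
                print FILENAME ":" FNR ": expected service_name allow|deny host_specifier"; bad = 1 }
            if (!($1 in active)) {
                print FILENAME ":" FNR ": " $1 " is not an active inetd.conf service"; bad = 1 }
        }
        END { exit bad }
    ' "$1" "$2"
}

# check_owner_mode FILE [OWNER GROUP]: expect mode 0444, owner root, group other.
check_owner_mode() {
    ls -ld "$1" | awk -v f="$1" -v o="${2:-root}" -v g="${3:-other}" '
        substr($1, 1, 10) != "-r--r--r--" { print f ": mode " $1 ", expected -r--r--r--"; bad = 1 }
        $3 != o || $4 != g { print f ": owner " $3 ":" $4 ", expected " o ":" g; bad = 1 }
        END { exit bad }'
}

# Constructed sample files (not from a real host).
demo_dir=${TMPDIR:-/tmp}/inetdsec.$$
mkdir "$demo_dir" || exit 1
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/inetd.conf" <<'EOF'
login stream tcp nowait root /usr/lbin/rlogind rlogind
#shell stream tcp nowait root /usr/lbin/remshd remshd
tftp dgram udp wait root /usr/lbin/tftpd tftpd
EOF
cat > "$demo_dir/inetd.sec" <<'EOF'
login allow 10.*
login deny vandal
shell deny vandal hun
tftp deny
EOF
chmod 444 "$demo_dir/inetd.conf" "$demo_dir/inetd.sec"
lint_inetd_sec "$demo_dir/inetd.conf" "$demo_dir/inetd.sec" || echo "inetd.sec needs fixing"
check_owner_mode "$demo_dir/inetd.sec" || echo "fix owner/mode before installing"
```

On the sample files the lint reports the second login line, the shell entry whose service is commented out in inetd.conf, and the tftp line with no host_specifier.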