HP-UX Internet Services Administrator's Guide (February 2007)

To edit the inetd.sec file using a text editor or HP SMH, complete the following
steps:
1. If the /var/adm/inetd.sec file does not exist on your host, copy
/usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.
2. Create one line in inetd.sec for each service to which you want to restrict access.
Do not create more than one line for any service.
Each line in the /var/adm/inetd.sec file has the following syntax:
service_name {allow | deny} host_specifier [host_specifier...]
where service_name is the first field in an entry in the /etc/inetd.conf file,
and host_specifier is a host name, IP address, IP address range, or the wildcard
character (*).
3. Make sure the /var/adm/inetd.sec file is owned by user root and group
other, and make sure its permissions are set to 0444 (-r--r--r--).
Following are some example lines from an inetd.sec file:
login allow 10.*
shell deny vandal hun
tftp deny *
The first example allows access to rlogin from any IP address beginning with 10. The
second example denies access to remsh and rcp from hosts vandal and hun. The
third example denies everyone access to tftp.
Only the services configured in /etc/inetd.conf can be configured in
/var/adm/inetd.sec.
For more information, type man 4 inetd.sec or man 1M inetd at the HP-UX
prompt.
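
The rules in the steps above (one line per service, allow or deny as the second field, services taken from /etc/inetd.conf, root:other ownership with mode 0444) can be checked mechanically. The sh script below is an added example, not part of this guide or of HP-UX; its function names, finding messages and sample data are constructed for illustration, and it assumes that lines starting with # are comments.

```shell
#!/bin/sh
# Added example: audit inetd.sec against the rules in the steps above.
# Assumption: lines whose first field starts with "#" are comments.

# lint_inetd_sec SECFILE CONFFILE: print one finding per rule violation.
lint_inetd_sec() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                  # blank line or comment
    FILENAME == ARGV[1]  { conf[$1] = 1; next }    # inetd.conf service names
    {
        where = FILENAME ":" FNR ": "
        if (seen[$1]++)    print where "more than one line for " $1
        if (!($1 in conf)) print where $1 " is not configured in inetd.conf"
        if ($2 != "allow" && $2 != "deny")
            print where "second field must be allow or deny"
        else if (NF < 3)
            print where "no host_specifier after " $2
    }' "$2" "$1"
}

# check_perms FILE: the guide asks for owner root, group other, mode 0444.
check_perms() {
    ls -ld "$1" | awk -v f="$1" '{
        if (substr($1, 1, 10) != "-r--r--r--")
            print f ": mode " $1 ", expected -r--r--r--"
        if ($3 != "root" || $4 != "other")
            print f ": owner " $3 ":" $4 ", expected root:other"
    }'
}

# write_samples DIR: constructed sample files, not taken from a real host.
write_samples() {
    printf '%s\n' 'login stream tcp nowait root /usr/lbin/rlogind rlogind' \
        'shell stream tcp nowait root /usr/lbin/remshd remshd' \
        'exec stream tcp nowait root /usr/lbin/rexecd rexecd' \
        'tftp dgram udp wait root /usr/lbin/tftpd tftpd' > "$1/inetd.conf"
    printf '%s\n' '# constructed sample' 'login allow 10.*' \
        'shell deny vandal hun' 'shell allow 10.*' 'tftp permit *' \
        'finger deny *' 'exec deny' > "$1/inetd.sec"
}
```

On a host, the checks would be run as `lint_inetd_sec /var/adm/inetd.sec /etc/inetd.conf` followed by `check_perms /var/adm/inetd.sec`; no output means no findings.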
Configuring Logging
This section discusses the following topics:
“Configuring syslogd”
“Maintaining System Log Files”
“Configuring inetd Connection Logging”
“Configuring ftpd Session Logging”
Configuring syslogd
The Internet daemons and servers log informational and error messages through
syslog. You can monitor these messages by running syslogd, and you determine the
type and extent of monitoring through syslogd's configuration file,
/etc/syslog.conf.