Configuring and Managing MPE/iX Internet Services (MPE/iX 6.5)

Chapter 2: Internet Daemon
inetd Security File
There is an optional security file associated with inetd that allows you
to control which nodes have access to the Internet Services available on
your system. The inetd security file will prevent inetd from starting a
service unless the node making the request has permission to do so.
Individual entries in the inetd security file determine which nodes are
allowed or disallowed for a particular service.
The inetd security file is not the only security provided for Internet
Services. It is an extra layer of security in addition to the normal
checks done by the services themselves. All remote hosts can attempt to
use a service if the inetd security file does not exist, if the service
is not listed in the security file, or if it is listed but not followed
by the allow or deny keyword. Such an attempt will succeed if it passes
the security checks imposed by the requested service.
If inetd refuses a connection for security reasons, and inetd
connection logging is enabled, a message is sent to the console
indicating that there was an unsuccessful connection attempt.
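
The three cases above in which inetd applies no host restriction can be checked mechanically. The following audit script is an added example, not part of the HP manual; it assumes one entry per line in the form "service keyword hosts...", with # starting a comment, and the service names and addresses in the sample are constructed.

```python
from typing import Dict, Iterable, Optional

KEYWORDS = {"allow", "deny"}

def parse_inetd_sec(text: str) -> Dict[str, Optional[str]]:
    """Map each listed service to its allow/deny keyword, or None if it has none.

    Assumed layout (not taken from the manual): service name first, keyword
    second, host specifiers after that; '#' starts a comment.
    """
    entries: Dict[str, Optional[str]] = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment only
        service = fields[0]
        keyword = fields[1].lower() if len(fields) > 1 else None
        if keyword not in KEYWORDS:
            keyword = None
        # Simplification: once a service has a keyword, later bare lines keep it.
        if entries.get(service) is None:
            entries[service] = keyword
    return entries

def audit(services: Iterable[str], sec_text: Optional[str]) -> Dict[str, str]:
    """Classify each service; sec_text=None means the security file is absent.

    "open" means inetd itself filters no hosts; the service's own checks
    still apply.
    """
    entries = None if sec_text is None else parse_inetd_sec(sec_text)
    report = {}
    for svc in services:
        if entries is None:
            report[svc] = "open: no security file"
        elif svc not in entries:
            report[svc] = "open: not listed"
        elif entries[svc] is None:
            report[svc] = "open: no allow/deny keyword"
        else:
            report[svc] = "restricted: " + entries[svc]
    return report

# Constructed sample file contents (documentation address ranges).
SAMPLE = """\
# constructed inetd.sec sample
telnet  allow  192.0.2.10
ftp     deny   198.51.100.7
bootps
"""

if __name__ == "__main__":
    for name, status in audit(["telnet", "ftp", "bootps", "tftp"], SAMPLE).items():
        print(f"{name:8} {status}")
```
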
Creating and Linking inetd Security File
You may already have a security file for inetd installed on your system.
If you know that you have such a file, and it is accessible by the POSIX
file name /usr/adm/inetd.sec, you may skip these steps.
If not, follow the steps below to create the file and link to it. If you have
such a file, but are unsure whether or not it is linked, perform step 2
only.
1. Create your own inetd security file by using the COPY command to
rename the sample file. Enter:
:COPY INSECSMP.NET.SYS TO INETDSEC.NET.SYS
2. Create a symbolic link from /usr/adm/inetd.sec in the POSIX
name space to INETDSEC.NET.SYS. Enter:
:NEWLINK /usr/adm/inetd.sec, INETDSEC.NET.SYS
3. Check the security provisions of the file and change them, if
necessary. Hewlett-Packard recommends that only MANAGER.SYS has
write access to INETDSEC.NET.SYS, and write and purge access to
/usr/adm/inetd.sec.