Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Internet Express Software

161

162

163

164

165

166

167

168

169

170

Table 26 Network Services Wrapped by Internet Express (continued)

Default Access SettingNetwork Service

Allows you to run the POP2 (Post Office Protocol Version 2) e-mail serverpop2

Allows you to change passwordspoppassd

Allows you to run the POP3 (Post Office Protocol Version 3) e-mail serverpopper

Allows you to execute commands on a remote systemrexecd

Allows you to log in to a remote systemrlogind

Allows you to broadcast a message to all users logged in to a remote systemrpc.rwalld

Allows you to gather statistics on a remote host's operating systemrpc.rstatd

Returns quotas for a user of a local file system that is mounted by a remote system

over Network File System (NFS)

rpc.rquotad

Displays a list of users on a remote systemrpc.rusersd

Records the packets sent in a one-way stream to a remote system, including the

number of packets received on the remote system and the transfer rate

rpc.sprayd

Runs a shell on a remote systemrshd

Allows mail to be delivered between the local and remote systemssendmail

Allows you to communicate with a remote system by means of a virtual terminaltelnetd

Supports the Trivial File Transfer Protocol (tftp), which transfers files to and from

a remote system

tftpd

Controlling Access to Other Network Services

You can use TCP Wrapper to control access to network services other than those wrapped by

Internet Express, and include these additional services in the list displayed on the Display/Update

Configuration form, as follows:

1. Make sure an entry for the service exists in the /etc/inetd.conf file. The entry must not

include the TCP Wrapper (/usr/sbin/tcpd).

2. Add an entry for the service in the /usr/internet/security/config.tcp file to provide

a name and description to use on the Display/Update Configuration form. The following

example shows the entry for the fingerd service:

The user information server for networks :fingerd

3. Edit the /usr/internet/security/hosts.allow file to specify the access setting for

the service. The following example is the entry in the /usr/internet/security/

hosts.allow file for the fingerd service:

fingerd:ALL:ALLOW

4. Run the /usr/internet/security/install.sh script to add TCP Wrapper to the

service's entry in the /etc/inetd.conf file, and to copy the modified /usr/internet/

security/hosts.allow file to /etc/hosts.allow.

You can use the /usr/internet/security/deinstall.sh script to remove the TCP wrapper

from all services in the inetd.conf file.

Modifying Access to a Wrapped Network Service

To modify the access setting for a network service, follow these steps:

1. From the Internet Express Main menu, choose Manage Components.

2. From the Manage Components Menu, under Network Security, choose TCP Wrapper.

168 Network Security Administration