Operating Systems AIX Disabling entries on inetd.conf (AIX). Post 302972466 by system.engineer on Thursday 5th of May 2016 04:56:49 PM
05-05-2016
Disabling entries on inetd.conf (AIX).

Hello,

We're working on securing the AIX environment. We started with disabling unused services on AIX.

Below are the entries which are not commented on my test LPAR (even other LPARs).

Code:
ntalk   dgram   udp     wait    root    /usr/sbin/talkd         talkd
daytime stream  tcp     nowait  root    internal
time    stream  tcp     nowait  root    internal
daytime dgram   udp     wait    root    internal
time    dgram   udp     wait    root    internal
caa_cfg stream  tcp6    nowait  root    /usr/sbin/clusterconf clusterconf >>/var/adm/ras/clusterconf.log 2>&1
xmquery dgram   udp6    wait    root    /usr/bin/xmtopas xmtopas -p3



I believe ntalk is used for conversation purposes (between users), so I can disable that. I'm going to disable caa_cfg, since we are not using any cluster software.

I would like to leave "xmquery" as it is, since it's not going to impact security. Please correct me if I am wrong.


I have a question about the entries below:

daytime
time

Will it affect my server functionality in any way if I disable these services?

Please provide your comments/suggestions. Thanks.
 

inetd.conf(4)						     Kernel Interfaces Manual						     inetd.conf(4)

NAME
       inetd.conf, inetd.conf.local - The default configuration files for the inetd daemon

SYNOPSIS
       The default configuration file for all cluster members is:

              /etc/inetd.conf

       The configuration file for a specific member in a cluster is:

              /etc/inetd.conf.local

       The inetd.conf.local file is a Context-Dependent Symbolic Link (CDSL) and must be maintained as such. See the System Administration manual for more information.

DESCRIPTION
       If the inetd daemon is started without specifying an alternate configuration file, the inetd daemon reads the inetd.conf file and inetd.conf.local file, in this order, for information on how to handle Internet service requests. For this reason, if an entry exists in both configuration files, the entry in /etc/inetd.conf.local overrides the entry in /etc/inetd.conf.

       The inetd daemon reads its configuration files only when the inetd daemon starts or when the inetd daemon receives a SIGHUP signal.

       Each line in the inetd configuration files defines how to handle one Internet service request. Each line is of the form:

              ServiceName SocketType ProtocolName Wait/NoWait UserName ServerPath ServerArgs

       (Note: The backslash and the continuation of information on to a second line is for display purposes only. In the configuration file, the entries appear on a single line.)

       These fields must be separated by spaces or tabs. Continuation lines are terminated with a \ (backslash). Comments are denoted with a # (number sign). The fields have the following meanings:

       ServiceName
              Specifies the name of an Internet service defined in the /etc/services file. For services provided internally by the inetd daemon, this name must be the official name of the service. That is, the name must be identical to the first entry on the line that describes the service in the /etc/services file.

       SocketType
              Specifies the name for the type of socket used for the service. You can use either the stream value for a stream socket, the dgram value for a datagram socket, the raw value for a raw socket, the rdm value for a reliably delivered message socket, or the seqpacket value for a sequenced packet socket. You can also use xstream and xdgram to permit the transparent mode of connections for stream and datagram sockets, respectively. Currently, only application gateways for firewall services use the transparent mode of connection.

       ProtocolName
              Specifies the name of an Internet protocol defined in the /etc/protocols file. For example, use the tcp value for a service that uses the TCP/IP protocol and the udp value for a service that uses the UDP protocol. When you use a tcp or udp value, inetd creates AF_INET sockets; this is the default behavior. If you want inetd to create AF_INET6 sockets, use the tcp6 or udp6 value. The inetd daemon maps these values to the tcp and udp protocol names internally.

              For RPC services the field consists of the string rpc followed by a slash (/) and one of the following:

              - An asterisk (*)
              - One or more nettypes
              - One or more netids
              - A combination of nettypes and netids

              If you specify an invalid nettype, it is treated as a netid. For example, if you specify rpc/*, it specifies the service uses all the transports supported by the system.

       Wait/NoWait
              Contains either the wait or the nowait instruction. For datagram servers, specify wait. This instructs the inetd daemon to wait for a datagram server to read at least one datagram from the socket before exiting. Single-threaded datagram servers process all incoming datagrams, then they time out (for example, comsat, biff, and talkd). Multithreaded datagram servers read one datagram from the socket, create a new socket, then fork and exit (for example, tftpd).

              For servers using stream sockets, specify nowait for multithreaded servers. This instructs inetd to accept connection requests and pass a newly accepted socket that is connected to the client of the service to the server. Specify wait for single-threaded servers. This instructs inetd to pass the listening socket to the server and wait. The server must accept at least one connection request before exiting.

       UserName
              Specifies the username that the inetd daemon should use to start the server. This variable allows a server to be given less permission than root.

       ServerPath
              Specifies the full pathname of the server that the inetd daemon should execute to provide the service. For services that the inetd daemon provides internally, this field should be internal. If you want to disable this service, this field should be disable in the /etc/inetd.conf.local file.

       ServerArgs
              Specifies the command line arguments that the inetd daemon is to pass to the server specified in ServerPath. The arguments to ServerPath should be just as they normally are, starting with the name of the program. For services that the inetd daemon provides internally, this field should be blank.

EXAMPLES
       The following are sample entries in the /etc/inetd.conf file for an inetd daemon that:

       - Uses the ftpd daemon for servicing ftp requests on an AF_INET6 socket
       - Uses the talkd daemon for ntalk requests on an AF_INET socket
       - Provides time requests internally on AF_INET6 sockets

              ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd
              ntalk dgram udp wait root /usr/sbin/talkd talkd
              time stream tcp6 nowait root internal
              time dgram udp6 wait root internal

       How you enable and disable services in a cluster depends on the number of cluster members. The following two examples show the same cluster that has three members (0, 1, and 2), but show two different methods to accomplish the same goal. Choose the method most suitable to your cluster environment.

       If you want to enable the ftpd daemon on all cluster members except member 2, do the following:

       To enable the ftpd daemon for all members, enter the following in the /etc/inetd.conf file:

              ftp stream tcp nowait root /usr/sbin/ftpd ftpd

       To disable the ftpd daemon for member 2, enter the following in the /etc/inetd.conf.local for member 2:

              ftp stream tcp nowait root disable

       If you want to disable the ftpd daemon on all cluster members (the whole cluster), but enable it on members 0 and 1, do the following:

       To disable the ftpd daemon by default for the whole cluster, enter the following in the /etc/inetd.conf file:

              #ftp stream tcp nowait root /usr/sbin/ftpd ftpd

       To enable the ftpd daemon for member 0, enter the following in the /etc/inetd.conf.local file for member 0:

              ftp stream tcp nowait root /usr/sbin/ftpd ftpd

       To enable the ftpd daemon for member 1, enter the following in the /etc/inetd.conf.local file for member 1:

              ftp stream tcp nowait root /usr/sbin/ftpd ftpd

       Member 2 does not have an ftpd entry in its /etc/inetd.conf.local file. Therefore, the ftpd daemon is not started.

RELATED INFORMATION
       Commands: biff(1), comsat(8).

       Daemons: inetd(8), talkd(8), tftpd(8).

       Files: protocols(4), services(4).
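An added example (not from the post or the manual page) that applies the field layout described above to the hardening task in the post: it lists the active entries and comments out named services in a copy of the file. The function names and the commented ftp line are assumptions made for the demo; the other sample entries are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original page. Field order per inetd.conf(4):
# ServiceName SocketType ProtocolName Wait/NoWait UserName ServerPath ServerArgs

# Print each active (uncommented) entry as: ServiceName ProtocolName UserName ServerPath
list_active() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1, $3, $5, $6 }' "$1"
}

# Comment out every active entry whose ServiceName is in the space-separated
# list $2. Output goes to stdout so it can be reviewed before it replaces the
# live file; inetd rereads its configuration only on start or SIGHUP.
disable_services() {
    awk -v names="$2" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        $1 !~ /^#/ && NF >= 6 && ($1 in off) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample: the entries quoted in the post plus one commented line.
write_sample() {
    cat > "$1" <<'EOF'
#ftp    stream  tcp6    nowait  root    /usr/sbin/ftpd          ftpd
ntalk   dgram   udp     wait    root    /usr/sbin/talkd         talkd
daytime stream  tcp     nowait  root    internal
time    stream  tcp     nowait  root    internal
daytime dgram   udp     wait    root    internal
time    dgram   udp     wait    root    internal
caa_cfg stream  tcp6    nowait  root    /usr/sbin/clusterconf clusterconf >>/var/adm/ras/clusterconf.log 2>&1
xmquery dgram   udp6    wait    root    /usr/bin/xmtopas xmtopas -p3
EOF
}

work=$(mktemp -d)
write_sample "$work/inetd.conf"
echo "Active before:"; list_active "$work/inetd.conf"
# Disable only the two services the post says it will turn off.
disable_services "$work/inetd.conf" "ntalk caa_cfg" > "$work/inetd.conf.new"
echo "Active after:"; list_active "$work/inetd.conf.new"
# Review the change before installing it (diff exits 1 when the files differ).
diff "$work/inetd.conf" "$work/inetd.conf.new" || true
rm -rf "$work"
```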