UNIX for Dummies Questions & Answers

OK I am a complete newbie to Unix. We have a Sunfire V890 running SUNOS Release 5.9. The Operating Environment is Solaris 9. I have been tasked with determining whether or not specific network and solaris services are enabled or disabled. If the services are enabled I need to disable them. I'm trying to determine the best way to find out if these services are installed and if they are, are they enabled or disabled.

An sample list of the network services includes:

chargen
daytime
discard
echo
exec
finger
nfs
sendmail
talk

etc. etc.

I appreciate any help you guys can provide. Thank you.

As it's solaris 9, these will all be started out of either /etc/rc2.d/ (and /etc/rc3.d/) or /etc/inet/inetd.conf. Most of the ones you've listed are in /etc/inet/inetd.conf.

It's highly likely all will be installed, but its the enabled/disabled state that's going to be most interesting to you I'd wager.

Inetd runs as a process (/usr/sbin/inet) and listens on all the ports it has in it's config file (inetd.conf). When it receives a connection it knows what to do with, it starts up a copy of the appropriate app (determined in the config file). If you comment out (with a '#' symbol) the entry in the config file, it will stop responding to those requests - disabling the service.

To add or remove something from inetd, find the relevant line (eg search the file for 'chargen'), and add a # symbol to the start of the line. The save the changes and send a SIGHUP to the inet process.

This SIGHUP is sent by first finding the process id (or PID) by running:

Code:

ps -ef | grep '/usr/sbin/inet'

Find the matching line, and remember the first number on the line eg:

Code:

root # ps -ef | grep '/usr/sbin/inetd'
    root   272     1  0   Aug 15 ?        0:03 /usr/sbin/inetd -s -t

The run the following kill command to send the SIGHUP: kill -HUP <pid>
eg:

Code:

kill -HUP 272

You can comment out multiple entries in the config file at one time and only send one SIGHUP to save some time.

Test be attempting to telnet to the relevant port.

To disable something that's started from the /etc/rcX.d/ directories, find the relevant script (it's usually in /etc/rc2.d and will be called something like S34sendmail) and rename it to anything that doesn't begin with an S (startup scripts) or a K (shutdown scripts). I normally change the capital S to a lowercase s but many people put an underscore (_) in front of the filename instead. Whatever works for you.

This will prevent it from being started up at the next reboot but it will still be running for now. Shut it down by running your recenty renamed script with 'stop' as the only commandline parameter.

Again, test be attempting to telnet to the relevant port.

The quickest test I can think of would be to identify the port these services listen on (look in /etc/services for hints) and test by running 'telnet <port>'

The simple and repeatable soultion is to create a custom JASS package with the profile you want, install that on the machines and run the profile.

If you need to report what is running where first, I would recommend a non-agressive portscan of the hosts using a tool such as nmap, if that is acceptable in your situation.

What he said

JASS is a cool little tool (free from Sun) that applies security templates to a system and )optionally) periodically checks that they still match to prevent people turning stuff back on later. It's simple to use and once it's set up, it's a doddle to run whenever you need it.

nmap's another good idea for finding the services you want. But as reborg says, check with your network or security guys first as port-scanning (what nmap does) is widely used by hackers so will often trip alarm bells.

To make it quick, just disable these because most of the time, its not needed.
1) echo
2) finger
3) talk
4) daytime
5) discard
6) chargen
7) exec

for sendmail , it depends on whether your server is used as email server. Also for nfs, it depends whether your server is used as NFS server.