OK I am a complete newbie to Unix. We have a Sunfire V890 running SUNOS Release 5.9. The Operating Environment is Solaris 9. I have been tasked with determining whether or not specific network and solaris services are enabled or disabled. If the services are enabled I need to disable them. I'm trying to determine the best way to find out if these services are installed and if they are, are they enabled or disabled.
As it's solaris 9, these will all be started out of either /etc/rc2.d/ (and /etc/rc3.d/) or /etc/inet/inetd.conf. Most of the ones you've listed are in /etc/inet/inetd.conf.
It's highly likely all will be installed, but its the enabled/disabled state that's going to be most interesting to you I'd wager.
Inetd runs as a process (/usr/sbin/inet) and listens on all the ports it has in it's config file (inetd.conf). When it receives a connection it knows what to do with, it starts up a copy of the appropriate app (determined in the config file). If you comment out (with a '#' symbol) the entry in the config file, it will stop responding to those requests - disabling the service.
To add or remove something from inetd, find the relevant line (eg search the file for 'chargen'), and add a # symbol to the start of the line. The save the changes and send a SIGHUP to the inet process.
This SIGHUP is sent by first finding the process id (or PID) by running:
Find the matching line, and remember the first number on the line eg:
The run the following kill command to send the SIGHUP: kill -HUP <pid>
eg:
You can comment out multiple entries in the config file at one time and only send one SIGHUP to save some time.
Test be attempting to telnet to the relevant port.
To disable something that's started from the /etc/rcX.d/ directories, find the relevant script (it's usually in /etc/rc2.d and will be called something like S34sendmail) and rename it to anything that doesn't begin with an S (startup scripts) or a K (shutdown scripts). I normally change the capital S to a lowercase s but many people put an underscore (_) in front of the filename instead. Whatever works for you.
This will prevent it from being started up at the next reboot but it will still be running for now. Shut it down by running your recenty renamed script with 'stop' as the only commandline parameter.
Again, test be attempting to telnet to the relevant port.
The quickest test I can think of would be to identify the port these services listen on (look in /etc/services for hints) and test by running 'telnet <port>'
The simple and repeatable soultion is to create a custom JASS package with the profile you want, install that on the machines and run the profile.
If you need to report what is running where first, I would recommend a non-agressive portscan of the hosts using a tool such as nmap, if that is acceptable in your situation.
The simple and repeatable soultion is to create a custom JASS package with the profile you want, install that on the machines and run the profile.
If you need to report what is running where first, I would recommend a non-agressive portscan of the hosts using a tool such as nmap, if that is acceptable in your situation.
What he said
JASS is a cool little tool (free from Sun) that applies security templates to a system and )optionally) periodically checks that they still match to prevent people turning stuff back on later. It's simple to use and once it's set up, it's a doddle to run whenever you need it.
nmap's another good idea for finding the services you want. But as reborg says, check with your network or security guys first as port-scanning (what nmap does) is widely used by hackers so will often trip alarm bells.
OK I am a complete newbie to Unix. We have a Sunfire V890 running SUNOS Release 5.9. The Operating Environment is Solaris 9. I have been tasked with determining whether or not specific network and solaris services are enabled or disabled. If the services are enabled I need to disable them. I'm trying to determine the best way to find out if these services are installed and if they are, are they enabled or disabled.
Hello,
I would like to do follow steps.
Set a static IP-Adress on eth0 (For Testing)
Set DHCP on eth0
All steps should be done without a single reboot.
/etc/network/interfaces
iface eth0 inet static
address 192.0.2.7/24
gateway 192.0.2.254How do i perform... (3 Replies)
Hi
I want to write a script for netflow service
because my service doesnt send any packet to netflow walker (server).
Although the service is started but it does not send any packet to server until i restart the service
I want to write a script in order to restart the service... (7 Replies)
Hi,
I just started working on a script. After my research, i found a command which can help me:
AIM: To build a script which starts the services (Services 1) on server 1 automatically whenever its down. And it has a dependency on other service (Service 2) on Server 2.
So my script has to... (4 Replies)
i have installd oracle 10 on Solaris 10 now i want to access this database from remote machine.
-bash-3.00$ tnsping 192.168.92.49
TNS Ping Utility for Solaris: Version 10.2.0.2.0 - Production on 17-DEC-2010 21:06:51
Copyright (c) 1997, 2005, Oracle. All rights reserved.
Used... (0 Replies)
Hi
Is there a cmd in hpux 11 to get the network services
the network services must display "Listen" like command netstat -an |grep Listen and display the process that is running on a port in HP-Unix at the same time
my request can not use lsof -i command,not to install any extral... (2 Replies)
While installing a firewall, I was pinging the interface from SCO 5.0.6 Openserver box, while no response, I hit "DEL" to cancel, but no cancel. Then all of a sudden I get BOO-KOO traffic lights on HUB and Switch.... Then a kernel trap error. System froze... Proceeded with a cold boot. Now I have... (8 Replies)