Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Controlling Security on a Network
Understanding Network Services
HP-UX provides various networking services, each providing a means of
authentication, either through password verification or authorization set
up in a file on the remote system.
For information on using a service, refer to the manpage for that
service. We have identified here some of the major security concerns
related to these network services.
Using inetd.sec to Restrict Outside Access
Access control to individual network services can be set in
/var/adm/inetd.sec, an optional security file for the Internet daemon.
You can explicitly allow or deny use of most networking services by
listing them on a per-machine or per-subnet basis.
The syntax of entries in /var/adm/inetd.sec is:
    service-name allow|deny {host-address | host-name}...
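The following Python check is an added example, not part of the original guide or of HP-UX. It validates entries against the syntax shown above and reports services that have no usable entry. The sample file contents are constructed, and the example assumes that '#' starts a comment and that the service names are the /etc/services names ("login" for rlogin, "shell" for remsh and rcp).

```python
# Constructed sample contents for /var/adm/inetd.sec (not from the guide).
# Assumed service names: "login" = rlogin, "shell" = remsh/rcp.
SAMPLE = """\
# constructed example
login   allow   192.0.2.10 adminhost
shell   deny
ftp     permit  192.0.2.0
telnet  allow   192.0.2.10
telnet  deny    badhost.example
"""

def audit(text, expected=("login", "shell", "ftp", "telnet")):
    """Check inetd.sec-style text against
    service-name allow|deny {host-address | host-name}...
    Returns (entries, findings); entries maps service -> (line, action, hosts).
    """
    entries, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if not fields:
            continue
        service, rest = fields[0], fields[1:]
        if not rest or rest[0] not in ("allow", "deny"):
            findings.append(f"line {n}: {service}: expected allow|deny after service name")
            continue
        if len(rest) == 1:
            findings.append(f"line {n}: {service}: {rest[0]} lists no host-address or host-name")
            continue
        if service in entries:
            # Do not guess which line applies; send the reader to inetd.sec(4).
            findings.append(f"line {n}: {service}: duplicate entry "
                            f"(also on line {entries[service][0]})")
        entries[service] = (n, rest[0], rest[1:])
    # Services the administrator expects to be restricted but which have no
    # well-formed entry in the file.
    for service in expected:
        if service not in entries:
            findings.append(f"{service}: no valid entry in this file")
    return entries, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```

Pass the contents of the real file and the list of services you intend to restrict; every finding identifies a line to review against inetd.sec(4).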
Table 8-2 Access Verification for Network Services

Network service   Access verification
ftp               Password verification. See ftp(1).
mount             Entry in /etc/exports. See mount(1M).
rcp               Entry in .rhosts or hosts.equiv file. See rcp(1).
remsh             Entry in .rhosts or hosts.equiv file. See remsh(1).
rlogin            Password verification or entry in .rhosts or hosts.equiv file. See rlogin(1).
telnet            Password verification. If the TAC User ID option is enabled by telnetd, telnet uses the entry in the .rhosts or hosts.equiv file. See telnet(1) and telnetd(1M).