Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Configuring HP-UX Bastille: Interview
Bastille Configuration Questions and Explanations for HP-UX
Appendix B
undefined data, preferably data in some recognizable pattern (RFC 862)
echo: Simply returns the packets sent to it. (RFC 862)
Secure Inetd Q: Should Bastille ensure that inetd's time service does not run on this
system? [Y]
The time service that is built into inetd produces machine-readable time, in
seconds since midnight on 1 January 1900 (RFC 868). It is used for clock
synchronization, but it lacks the ability to be configured securely. It is
recommended that the time service be disabled and that this machine use the
Network Time Protocol to synchronize its clocks, because XNTP can be configured
securely; see xntpd(1m).
Secure Inetd Q: Should Bastille ensure that the inetd's klogin and kshell services do
not run on this system? [Y]
The kshell and klogin services use Kerberos authentication protocols. If
this machine is not using the Kerberos scheme, then it is suggested that these
services be disabled. Following the principle of minimalism in a security
lockdown, any service or daemon running on the system that is not needed or
used should be disabled.
Secure Inetd Q: Should Bastille ensure that inetd's CDE helper services do not run
on this system? [Y]
The dtspcd, ttdbserver, and cmsd services are used by CDE. Each service
has relative merits but they are all rarely used and for the most part deprecated.
Definitions for each service are as follows:
dtspcd:
Desktop Subprocess Control service is used to invoke processes on other
systems. It uses an IP-based authentication that is relatively easy to beat.
cmsd:
This is used to run Sun's Calendar Manager software database over the network.
If you don't use Sun's Calendar Manager software you will not be affected by
disabling this service. Sun's Calendar Manager will not work properly with
cmsd disabled.
ttdbserver:
Sun's ToolTalk Database Server allows OpenWindows programs to intercommunicate.
Disabling this service may affect some of the advanced mail features of dtmail.
For instance, you will be unable to use the network-aware mail locking feature
of dtmail. Some third-party applications may use this service as well.
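
To check the outcome of these questions on a host, the following added example (not part of this guide or of Bastille) lists inetd.conf entries for the services named in this section that are still active. It assumes the usual inetd.conf field layout, that dtspcd is registered under the service name dtspc, and that RPC-based services appear with "rpc" in the first field; the sample file and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: list inetd.conf entries for the services named in this
# section that are still active (present and not commented out).

# Names from the questions in this section. Assumption: dtspcd is registered
# under the inetd service name "dtspc", so both spellings are matched.
FLAGGED="time klogin kshell dtspc dtspcd ttdbserver cmsd recserv"

# audit_inetd FILE: print "<service>/<proto> line <N>" for each active entry.
audit_inetd() {
    awk -v flagged="$FLAGGED" '
        BEGIN { n = split(flagged, f, " "); for (i = 1; i <= n; i++) want[f[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # comments, blanks, malformed lines
        {
            # RPC-based services use "rpc" as field 1, so also check the
            # basename of the server program (field 6) without "rpc.".
            prog = $6
            sub(".*/", "", prog)
            sub("^rpc[.]", "", prog)
            if ($1 in want)        printf "%s/%s line %d\n", $1, $3, NR
            else if (prog in want) printf "%s/%s line %d\n", prog, $3, NR
        }' "$1"
}

# write_sample FILE: constructed inetd.conf fragment (illustrative paths).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real system
time    stream tcp nowait root internal
#time   dgram  udp nowait root internal
klogin  stream tcp nowait root /usr/lbin/rlogind rlogind -K
#kshell stream tcp nowait root /usr/lbin/remshd remshd -K
dtspc   stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
rpc     dgram  udp wait   root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd
ftp     stream tcp nowait root /usr/lbin/ftpd ftpd -l
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_inetd "$sample"    # in practice: audit_inetd /etc/inetd.conf
rm -f "$sample"
```

An empty result means none of the listed services has an active entry in the file that was checked.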
Secure Inetd Q: Should Bastille ensure that inetd's recserv service does not run on
this system? [Y]