HP-UX Internet Services Administrator's Guide (August 2003)
Installing and Configuring Internet Services
Configuring the Internet Services Software
Chapter 236
1. Make sure /etc/inetd.conf contains the following lines. If any of
the lines start with a number sign (#), remove the number sign to
enable that particular service.
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
tftp dgram udp wait root /usr/lbin/tftpd tftpd
bootps dgram udp wait root /usr/lbin/bootpd bootpd
finger stream tcp nowait bin /usr/lbin/fingerd fingerd
login stream tcp nowait root /usr/lbin/rlogind rlogind
shell stream tcp nowait root /usr/lbin/remshd remshd
exec stream tcp nowait root /usr/lbin/rexecd rexecd
To disable any of these services, comment out the line by typing a
pound sign (#) as the first character on the line.
2. After modifying the /etc/inetd.conf file, type the following
command to force inetd to read its configuration file:
/usr/sbin/inetd -c
3. Make sure /etc/inetd.conf is owned by user root and group
other, and make sure its permissions are set to 0444 (-r--r--r--).
For more information, type man 4 inetd.conf or man 1M inetd at the
HP-UX prompt.
Editing the /var/adm/inetd.sec File
The /var/adm/inetd.sec file is a security file that inetd reads to
determine which remote hosts are allowed to access the services on your
host. The inetd.sec file is optional; you do not need this file to run the
Internet Services.
To edit the inetd.sec file using a text editor or SAM, complete the
following steps:
1. If the /var/adm/inetd.sec file does not exist on your host, copy
/usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.
2. Create one line in inetd.sec for each service to which you want to
restrict access. Do not create more than one line for any service.
Each line in the /var/adm/inetd.sec file has the following syntax:
service_name
{allow}
host_specifier
[
host_specifier
...]
{deny}