Configuring and Managing MPE/iX Internet Services (August 2002)

Chapter 2
Internet Daemon
Reading an entry from left to right, these fields are:

Field           Purpose
service name    The name of the service in the services file.
socket type     Either stream if the socket is a stream socket, or dgram if the socket is a
                datagram socket.
protocol        A valid protocol name, either tcp or udp, as entered in the protocols file.
wait state      One of two states, wait or nowait, that applies only to datagram sockets.
                The wait entry instructs inetd to execute only one datagram server for the
                specified socket at any one time. This is a single-threaded datagram
                server. The nowait entry instructs inetd to execute a datagram server for a
                specified socket whenever a datagram arrives, which frees the socket so
                that inetd can receive further datagrams. This is a multi-threaded
                datagram server.
user            The identification of the user when the server is running.
server program  The absolute path of the program that inetd executes when it receives a
                connection request.
arguments       Arguments to the server program, beginning with argument zero, which is
                the name of the program.
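The field layout above is what a configuration audit has to check before trusting an entry. The following Python is an added example (not code from the manual or from MPE/iX) that parses entries with exactly these seven fields and reports which field is malformed; the sample entries, the user name svcuser and the /placeholder program paths are constructed and are not real MPE/iX values.

```python
"""Validating parser for inetd configuration entries (added example).

Each entry has the fields listed above: service name, socket type,
protocol, wait state, user, server program and arguments, where argument
zero is the name of the program. The sample entries are constructed for
illustration; the program paths and user name are placeholders, not
actual MPE/iX values.
"""
from dataclasses import dataclass
from typing import List, Tuple

VALID_SOCKET_TYPES = {"stream", "dgram"}
VALID_PROTOCOLS = {"tcp", "udp"}
VALID_WAIT_STATES = {"wait", "nowait"}


@dataclass
class InetdEntry:
    service: str
    socket_type: str
    protocol: str
    wait_state: str
    user: str
    server_program: str
    arguments: List[str]  # arguments[0] is argument zero, the program name


def parse_entry(line: str) -> InetdEntry:
    """Split one entry into its fields and check each field's allowed values.

    Raises ValueError naming the offending field, so an audit of the whole
    file can report exactly what is wrong with each bad entry.
    """
    fields = line.split()
    if len(fields) < 7:
        raise ValueError(f"expected at least 7 fields, got {len(fields)}: {line!r}")
    service, socket_type, protocol, wait_state, user, program = fields[:6]
    arguments = fields[6:]
    if socket_type not in VALID_SOCKET_TYPES:
        raise ValueError(f"{service}: socket type must be stream or dgram, got {socket_type!r}")
    if protocol not in VALID_PROTOCOLS:
        raise ValueError(f"{service}: protocol must be tcp or udp, got {protocol!r}")
    if wait_state not in VALID_WAIT_STATES:
        raise ValueError(f"{service}: wait state must be wait or nowait, got {wait_state!r}")
    if not program.startswith("/"):
        raise ValueError(f"{service}: server program must be an absolute path, got {program!r}")
    # Argument zero is the program name; a mismatch with the path's final
    # component usually means a field was dropped or reordered.
    if arguments[0] != program.rsplit("/", 1)[-1]:
        raise ValueError(f"{service}: argument zero {arguments[0]!r} does not name the program {program!r}")
    return InetdEntry(service, socket_type, protocol, wait_state, user, program, arguments)


def parse_config(text: str) -> Tuple[List[InetdEntry], List[str]]:
    """Parse a whole configuration, skipping blank and comment lines.

    Returns the well-formed entries and a list of error messages (with line
    numbers) for the entries that failed validation.
    """
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            entries.append(parse_entry(line))
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return entries, errors


# Constructed sample configuration: three valid entries and one whose
# socket type is invalid (its relative program path would be the next error).
SAMPLE_CONFIG = """\
# service  socket  proto  wait    user     program               arguments
ftp        stream  tcp    nowait  svcuser  /placeholder/ftpd     ftpd
telnet     stream  tcp    nowait  svcuser  /placeholder/telnetd  telnetd
tftp       dgram   udp    wait    svcuser  /placeholder/tftpd    tftpd
bogus      raw     tcp    nowait  svcuser  placeholder/bogusd    bogusd
"""

if __name__ == "__main__":
    good, bad = parse_config(SAMPLE_CONFIG)
    for e in good:
        print(f"{e.service:8} {e.socket_type}/{e.protocol} {e.wait_state} user={e.user} {e.server_program}")
    for msg in bad:
        print("error:", msg)
```

Running the block prints the three accepted entries and one error for the bogus line; the same functions can be pointed at a real configuration file's text to list every entry that does not match the documented field set.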
inetd Security File
There is an optional security file associated with inetd that allows you to control which nodes have access to
the Internet Services available on your system. The inetd security file will prevent inetd from starting a
service unless the node making the request has permission to do so. Individual entries in the inetd security
file determine which nodes are allowed or disallowed for a particular service.
The inetd security file is not the only security provided for Internet Services. It constitutes an extra layer of
security in addition to the normal checks done by the services themselves. If the inetd security file does not
exist, if a remote service is not listed in the security file, or if it is listed but is not followed by the allow or
deny keyword, all remote hosts can attempt to use it. Such an attempt will succeed if it passes the security
checks imposed by the requested service.
If inetd refuses a connection for security reasons, and inetd connection logging is enabled, a message is sent
to the console indicating that there was an unsuccessful connection attempt.
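The decision rules in the two paragraphs above (missing file, unlisted service, listed service without a keyword, allow list, deny list, and the console message on a logged refusal) are easy to misremember when reviewing a security file. The following Python is an added example, not code from the manual or from inetd itself, that applies those rules to a requesting node; the line layout it assumes (service name, optional allow or deny keyword, then node names or addresses matched exactly), the sample file content and the console message wording are constructed for this example.

```python
"""Decision logic of the inetd security file, as described above (added example).

Rules implemented: no security file, a service that is not listed, or a
service listed without the allow or deny keyword all leave the service open
to every remote host; an allow entry admits only the listed nodes; a deny
entry refuses the listed nodes. The line layout (service, optional keyword,
then node names or addresses matched exactly) is an assumption for this
example, and the sample file content is constructed.
"""
from typing import Dict, Optional, Set, Tuple

# One parsed rule: (keyword, nodes) for allow/deny entries, or None when the
# service is listed without a keyword.
Rule = Optional[Tuple[str, Set[str]]]


def parse_security_file(text: str) -> Dict[str, Rule]:
    """Build a service -> rule map from the file text; '#' starts a comment."""
    rules: Dict[str, Rule] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        service = fields[0]
        if len(fields) >= 2 and fields[1] in ("allow", "deny"):
            rules[service] = (fields[1], set(fields[2:]))
        else:
            rules[service] = None  # listed, but no keyword: no restriction
    return rules


def inetd_permits(rules: Optional[Dict[str, Rule]], service: str, node: str) -> Tuple[bool, str]:
    """Decide whether inetd lets `node` reach `service`, with the reason.

    `rules` is None when no security file exists. A True result only means
    inetd starts the server; the service's own security checks still apply.
    """
    if rules is None:
        return True, "no security file: all remote hosts may attempt the service"
    if service not in rules:
        return True, f"{service} is not listed: all remote hosts may attempt it"
    rule = rules[service]
    if rule is None:
        return True, f"{service} is listed without allow/deny: all remote hosts may attempt it"
    keyword, nodes = rule
    if keyword == "allow":
        permitted = node in nodes
        return permitted, f"{service} allow list {'includes' if permitted else 'excludes'} {node}"
    permitted = node not in nodes
    return permitted, f"{service} deny list {'excludes' if permitted else 'includes'} {node}"


def console_message(service: str, node: str, permitted: bool, logging_enabled: bool) -> Optional[str]:
    """Console report of a refused connection, produced only when inetd
    connection logging is enabled (message wording is constructed)."""
    if permitted or not logging_enabled:
        return None
    return f"inetd: unsuccessful connection attempt to {service} from {node}"


# Constructed sample security file.
SAMPLE_SECURITY_FILE = """\
# service   keyword   nodes
ftp         allow     192.0.2.10 192.0.2.11
telnet      deny      198.51.100.7
tftp                              # listed, no keyword: unrestricted
"""

if __name__ == "__main__":
    rules = parse_security_file(SAMPLE_SECURITY_FILE)
    for svc, node in [("ftp", "192.0.2.10"), ("ftp", "203.0.113.5"),
                      ("telnet", "198.51.100.7"), ("tftp", "203.0.113.5"),
                      ("finger", "203.0.113.5")]:
        ok, why = inetd_permits(rules, svc, node)
        print(f"{svc:7} {node:14} {'permit' if ok else 'refuse'}  ({why})")
        msg = console_message(svc, node, ok, logging_enabled=True)
        if msg:
            print("   ", msg)
```

The point the example makes explicit is that only the allow and deny branches ever refuse anything: an entry that names a service without a keyword is equivalent to not listing the service at all, so a review of the file should treat such lines as unrestricted rather than as protected.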
Creating and Linking inetd Security File
You may already have a security file for inetd installed on your system. If you know that you have such a file,
and it is accessible by the POSIX file name /usr/adm/inetd.sec, you may skip these steps.
If not, follow the steps below to create the file and link to it. If you have such a file but are unsure whether or
not it is linked, perform step 2 only.
1. Create your own inetd security file by using the COPY command to rename the sample file. Enter:
:COPY INSECSMP.NET.SYS TO INETDSEC.NET.SYS