Configuring and Managing MPE/iX Internet Services (August 2002)

Chapter 2
Internet Daemon
inetd Security File
Updating inetd Security File
Each line in the inetd security file contains a service name, a permission field, and the IP addresses or
domain names of the hosts and networks allowed to use that service on your host system. You can open the
file to view the current security restrictions or to change them. To do so:
1. Open the security file with an MPE text editor. The contents will resemble the following:
# The lines in the file contain a service name, permission field and
# the Internet addresses or names of the hosts and/or networks
# allowed to use that service in the local machine.
# The form for each entry in this file is:
#
# <service name> <allow/deny> <host/network addresses, host/network names>
#
# For example:
#
# telnet allow 10.3-5 192.34.56.5 ahost anetwork
#
# The above entry allows the following hosts to attempt to access your system
# using telnet:
# hosts in subnets 3 through 5 in network 10,
# the host with Internet Address of 192.34.56.5,
# the host by the name of "ahost",
# all the hosts in the network "anetwork"
#
# tftp deny 192.23.4.3
#
# The tftp entry denies host 192.23.4.3 to access your system using tftp
#
# Hosts and network names must be official names, not aliases.
# See the Configuring and Installing Internet Services Manual for more
# information.
The word allow or deny in the second column determines whether the remote hosts listed in the next
field to the right are granted or denied access to the specified service. If a service appears on more than
one line, the inetd server ignores all but the last line for that service, regardless of whether the lines
indicate allow or deny.
2. Make any necessary editing changes. Refer to the following three sections, Editing Tips, Using
Wildcard Characters and Using Range Character for more information.
3. Save your file and exit the editor.
Editing Tips
When you edit the inetd security file, remember the following points:
To comment out a line, begin column 1 with a pound symbol (#). To enable a security provision that has
been commented out, delete the pound symbol and any blank spaces preceding the service name.
Enter the real service name, not the alias, of a valid service in the inetd configuration file.
Separate the IP addresses and domain names with white space. You may enter any mix of addresses and
names. For example, the following entry denies Telnet access to host hp22.cup.hp.com, any hosts on the
network named testlan, and the host with IP address 192.54.24.5:
telnet deny hp22.cup.hp.com testlan 192.54.24.5
To continue an entry on the next line, place a slash (/) at the end of the line to be continued. The
Internet daemon will ignore a slash that appears in the middle of the line, continue reading to the end,
and ignore the next line. In this case, it will probably misinterpret the entry and you will see an error
message.
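The following Python audit script is an added example, not part of the original manual or of HP's software. It parses a security file using only the rules stated above (a # in column 1 starts a comment, a trailing slash continues an entry, the last line for a service wins) and reports entries that inetd would ignore. The function name and the sample file are constructed for illustration, and host and network matching is not evaluated.

```python
# Added example: audit an inetd security file for shadowed or malformed entries.
# audit_inetd_sec and SAMPLE are hypothetical names; SAMPLE is constructed data.
def audit_inetd_sec(text):
    """Return (effective, warnings): effective maps each service to the
    (line number, permission, hosts) of the last entry naming it."""
    effective, warnings = {}, []
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not pending and (not line.strip() or line.startswith("#")):
            continue  # blank line, or comment marked by '#' in column 1
        if not pending:
            start = no  # first physical line of this entry
        if "/" in line[:-1]:
            # Only flagged here; the daemon's recovery is not emulated.
            warnings.append(f"line {no}: slash in the middle of the line")
        if line.endswith("/"):
            pending += line[:-1] + " "  # entry continues on the next line
            continue
        fields = (pending + line).split()
        pending = ""
        if len(fields) < 2 or fields[1] not in ("allow", "deny"):
            warnings.append(f"line {start}: expected <service> <allow/deny> ...")
            continue
        service, perm, hosts = fields[0], fields[1], fields[2:]
        if service in effective:
            old = effective[service]
            warnings.append(f"line {old[0]}: '{service} {old[1]}' is ignored; "
                            f"line {start} replaces it")
        effective[service] = (start, perm, hosts)
    if pending:
        warnings.append(f"line {start}: continuation slash on the last line")
    return effective, warnings

SAMPLE = """\
# constructed sample
telnet deny hp22.cup.hp.com testlan 192.54.24.5
tftp deny 192.23.4.3
telnet allow 10.3-5 192.34.56.5 /
 ahost anetwork
#ftp deny 192.54.24.5
"""

if __name__ == "__main__":
    rules, notes = audit_inetd_sec(SAMPLE)
    for svc, (no, perm, hosts) in rules.items():
        print(f"{svc}: {perm} {' '.join(hosts)} (line {no})")
    print(*notes, sep="\n")
```

In the sample, the earlier telnet deny line has no effect because a later telnet allow line exists, which is the case an administrator most needs to catch before saving the file.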