Thanks to the following who answered my question about inetd.sec:
P. Godwin <pgodwin_at_phad.den.mmc.com>
Kristian Koehntopp <DELETETHIS.KRIS_at_koehntopp.de>
Craig C. Hopewell <chopewel_at_redwood.dn.hac.com>
The answer is: On HP-UX, not on DU, inetd.sec is an optional security file.
The background to my question:
An external auditor wants me to install the above file, which I
couldn't find in the manpages.
Because we are on DIGITAL UNIX, it's impossible or useless,
to install it.
My question was:
> Hi,
>
> does anybody know a file named
> inetd.sec
> and what purpose is it for?
>
> Thanks in advance for any help.
> Manfred Baute
-------------------------------------------
Some answers:
From: Kristian Koehntopp <DELETETHIS.KRIS_at_koehntopp.de>
I know that the HP/UX inetd employs a file inetd.sec to achive
with builtin functionality what other Unices have to do with
tcp wrappers. With inetd.sec one can limit the accessibility of
certain services to certain ip addresses. I don't have a HP/UX
system handy and don't know the syntax of this file.
Does Digital Unix use inetd.sec for this purpose, too? Or is it
just a file somebody copied onto the system assuming that all
Unices are configured identically?
Kristian
-----------------------------------------------------------------
From: Craig C. Hopewell <chopewel_at_redwood.dn.hac.com>
On HP-UX inetd.sec is an optional security file, the following is
from the HP-UX man page for inetd.sec.
- When inetd accepts a connection from a remote system, it checks the
- address of the host requesting the service against the list of hosts
- to be allowed or denied access to the specific service (see
- inetd(1M)). The file inetd.sec allows the system administrator to
- control which hosts (or networks in general) are allowed to use the
- system remotely. This file constitutes an extra layer of security in
- addition to the normal checks done by the services. It precedes the
- security of the servers; that is, a server is not started by the
- Internet daemon unless the host requesting the service is a valid host
- according to inetd.sec.
I've only seen the file on HP-UX and we don't use it on our Sun's.
Craig
Received on Mon Apr 21 1997 - 23:26:15 NZST