HP UX Internet Express Software manual Testing TCP Security Modifications

Page 169

3. From the TCP Wrapper Administration menu, choose Display/Update Configuration to display a list of the services available on your system and the current access settings for each service.

4. Select the service for which you want to modify access. The TCP Wrapper Service Management form shows the current security setting for the service you chose and offers the settings described in Table 27.

Table 27 Network Service Access Options

| Access Type | Description |
| --- | --- |
| everybody | Anyone on the network is granted access to the service |
| nobody | No user on the network is granted access to the service |
| local domain | Only those in the local domain are granted access to the service |
| customized | Anyone on the network matching the domain name(s), hostname(s), IPv4 address(es), or IPv6 address(es) listed in the access list is granted or denied access to the service, depending on the access control keyword (ALLOW or DENY) that you specify. See the hosts_access(5) reference page for information on access list syntax. |

5. Select the access setting you want to apply to the service and click on Submit.

Figure 42 shows the TCP Wrapper Service Management form for the remote login server (rlogind). To deny access to rlogind for all users on your system, select the option button for “Access is allowed for nobody” and click Submit.

Figure 42 Remote Login Server Dialog

To customize access to a service, select the option button for “Access is customized” and enter the access specification string in the accompanying field. For example:

foo.fsu.edu abc.company.com:ALLOW

In this example, any user in either the foo.fsu.edu or abc.company.com domain is allowed to log in remotely.

Note:

The access specification string must conform to the syntax described in the hosts_options(5) reference page, except that you do not specify the daemon_list argument.
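
The following is an added example, not code from the manual or from Internet Express: it parses an access specification string of the form shown above (client list, then `:ALLOW` or `:DENY`, no daemon_list) and evaluates a client against a subset of the hosts_access(5) pattern rules. Under those rules a name without a leading dot matches only that exact host name, while a leading dot matches every host under the domain. The function names and the sample clients are constructed for illustration, and how the Administration utility itself processes the string is not shown on this page.

```python
import ipaddress

def parse_access_spec(spec):
    """Split '<client_list>:<ALLOW|DENY>' into (patterns, keyword).

    The keyword follows the LAST colon, so bracketed IPv6 patterns such as
    [2001:db8::]/32 in the client list do not confuse the split.
    """
    clients, sep, keyword = spec.strip().rpartition(":")
    keyword = keyword.strip().upper()
    if not sep or keyword not in ("ALLOW", "DENY"):
        raise ValueError("specification must end in :ALLOW or :DENY")
    # hosts_access(5) lets list elements be separated by blanks and/or commas.
    patterns = clients.replace(",", " ").split()
    if not patterns:
        raise ValueError("empty client list")
    return patterns, keyword

def pattern_matches(pattern, hostname, address):
    """Subset of hosts_access(5) client patterns (assumed rules, see lead-in)."""
    pat, host = pattern.lower(), hostname.lower()
    if pat == "all":                      # wildcard: every client
        return True
    if pat.startswith("."):               # .domain: any host under the domain
        return host.endswith(pat)
    if pat.endswith("."):                 # 192.0.2.: address prefix
        return address.startswith(pat)
    if "/" in pat:                        # n.n.n.n/m.m.m.m or [v6]/prefixlen
        net = pat.replace("[", "").replace("]", "")
        try:
            return ipaddress.ip_address(address) in ipaddress.ip_network(
                net, strict=False)
        except ValueError:
            return False                  # malformed pattern never matches
    return pat in (host, address.lower()) # plain string: exact match only

def decide(spec, hostname, address):
    """Return 'ALLOW' or 'DENY' if the client matches, else None (no match)."""
    patterns, keyword = parse_access_spec(spec)
    if any(pattern_matches(p, hostname, address) for p in patterns):
        return keyword
    return None

if __name__ == "__main__":
    # Constructed clients; addresses come from documentation ranges.
    clients = [("foo.fsu.edu", "192.0.2.10"),
               ("pc1.foo.fsu.edu", "192.0.2.11"),
               ("mail.abc.company.com", "198.51.100.7")]
    for spec in ("foo.fsu.edu abc.company.com:ALLOW",
                 ".foo.fsu.edu .abc.company.com:ALLOW"):
        print(spec)
        for name, addr in clients:
            print("   %-22s %s" % (name, decide(spec, name, addr)))
```

A result of None means the string does not cover that client, so a quick run like this shows whether an entry intended for a whole domain actually matches the hosts inside it.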

Testing TCP Security Modifications

After you modify access to a service, follow these steps to test the modification:
