Default | Y |
Description | The bootpd daemon implements three functions: a DHCP server, an Internet |
| Boot Protocol (BOOTP) server, and a DHCP/BOOTP relay agent. If this system |
| is not a BOOTP/DHCP server or a DHCP/BOOTP relay agent, HP recommends |
| disabling this service. |
Actions | Comment out the entry for bootp in the /etc/inetd.conf file. |
SecureInetd.deactivate_builtin
Headline | Ensure that the inetd |
Default | N |
Description | The inetd |
| These services are rarely used, and when they are, it is generally for testing. |
| The UDP versions of these services can be used in a Denial of Service attack |
| and therefore HP recommends disabling these services. |
| The daytime service sends the current date and time as a |
| character string (RFC 867). The discard service throws away anything that |
| is sent to it, similar to /dev/null (RFC 863). The chargen (character |
| generator) service sends a stream of some undefined data, preferably data in some |
| recognizable pattern (RFC 862). The echo service returns the packets sent to |
| it (RFC 862). |
Actions | Comment out the entries for daytime, echo, discard, and chargen in the |
| /etc/inetd.conf file. |
SecureInetd.deactivate_dttools
Headline | Ensure the inetd CDE helper services do not run on this system. |
Default | N |
Description | The dtspcd, ttdbserver, and cmsd services are used by CDE. Each service |
| has merits, but they are all rarely used and mostly deprecated. |
Actions | In the /etc/inetd.conf file, comment out the entries for: |
| • dtspc stream tcp nowait root /usr/dt/bin/dtspcd |
| /usr/dt/bin/dtspcd |
| • rpc xti tcp swait root /usr/dt/bin/rpc.ttdbserver |
| 100083 1 /usr/dt/bin/rpc.ttdbserver |
| • srpc dgram udp wait root /usr/dt/bin/rpc.cmsd 100068 |
|
SecureInetd.deactivate_finger
Headline | Ensure the inetd finger service does not run on this system. |
Default | Y |
Description | The server for the RFC 742 Name/Finger protocol is fingerd. It provides a |
| network interface to finger, which gives a status report of users currently |
| logged in to the system or a detailed report about a specific user. For more |
| information about the finger command, see finger(1). HP recommends disabling |
| the service because fingerd provides local system user information to remote |
| sources and this can be useful to someone attempting to break into your system. |
Actions | In the /etc/inetd.conf file, comment out the entry for finger. |
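
The Actions above all come down to commenting out specific /etc/inetd.conf entries. The following is an added example, not part of the HP documentation or of Bastille itself: it lists which of the entries named above are still enabled and emits a copy of the file with them commented out. The function names and the sample file are constructed for illustration, and it assumes the bootp entry uses the service name bootp or bootps.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for the services this section disables.
# target() returns a label for an enabled entry to disable, or "" otherwise.
MATCH='
function target() {
  if ($0 ~ /^[ \t]*#/ || NF == 0) return ""        # already commented or blank
  if ($1 ~ /^(bootps?|daytime|echo|discard|chargen|dtspc|finger)$/) return $1 "/" $3
  if ($1 == "rpc" && match($0, /rpc\.(ttdbserver|cmsd)/)) return substr($0, RSTART, RLENGTH)
  return ""
}'

# Print one label per entry that is still enabled (empty output = compliant).
inetd_active() {
  awk "$MATCH"' { t = target(); if (t != "") print t }' "$1"
}

# Print the file with the targeted entries commented out; other lines unchanged.
inetd_disable() {
  awk "$MATCH"' { p = (target() != "") ? "#" : ""; print p $0 }' "$1"
}

# Constructed sample input, not taken from a real system.
sample_conf() {
cat <<'EOF'
bootps   dgram  udp wait   root /usr/lbin/bootpd   bootpd
daytime  stream tcp nowait root internal
daytime  dgram  udp nowait root internal
#echo    dgram  udp nowait root internal
chargen  dgram  udp nowait root internal
dtspc    stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
rpc      xti    tcp swait  root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver
finger   stream tcp nowait bin  /usr/lbin/fingerd  fingerd
login    stream tcp nowait root /usr/lbin/rlogind  rlogind
EOF
}

# Usage: sh thisfile /etc/inetd.conf   (lists entries still enabled)
if [ -n "${1:-}" ]; then inetd_active "$1"; fi
```

Write the output of inetd_disable to a new file and compare it with the original before replacing it; inetd must then re-read its configuration for the change to take effect.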
SecureInetd.deactivate_ftp
Headline | Ensure that the inetd FTP service does not run on this system. |
Default | N |