srvtab

The granting and denial of access privileges by the CommKit Host Interface on a called LCS60 is controlled entirely by the server table on the called LCS60. An incorrect or incomplete server table can cause serious security problems by allowing unauthorized access to system files and resources.

This section describes the facilities available through the /etc/opt/dk/srvtab server table and provides the user with several suggestions to make the network connections more secure. A high degree of security is ensured by editing server table files.

Caution: The sample /etc/opt/dk/srvtab files distributed with the CommKit Software are not intended to be used as provided and do not pro- vide the customer with a high degree of security as the default. The customer must customize the example server table files to achieve the desired level of security.

Server Table

The directory /etc/opt/dk/srvtab and associated files (referred to as the server table) are used to validate incoming call requests and map them into processes on the called host. The server table can be tailored to restrict the types of calls permit- ted. All incoming calls must be mapped by means of the server table; there are no privileged calls that can bypass this procedure.

The server table is a directory containing files whose names correspond to the names of requested services. For example, /etc/opt/dk/srvtab/pupu is the name of the file used for the file transfer service, pupu.

Comments are indicated by a # character in the first column and are ignored dur- ing call validation and mapping. Use comments to describe the function of map- ping lines. You may also use comments to disable mapping lines without remov- ing them from the file.

Mapping lines in srvtab table consist of six tab-separated fields:

Appendix A

Issue 3

A-1

Page 269
Image 269
HP LCS60 manual Srvtab, Server Table