Table 26 Network Services Wrapped by Internet Express (continued)

Network Service

Default Access Setting

pop2

Allows you to run the POP2 (Post Office Protocol Version 2) e-mail server

poppassd

Allows you to change passwords

popper

Allows you to run the POP3 (Post Office Protocol Version 3) e-mail server

rexecd

Allows you to execute commands on a remote system

rlogind

Allows you to log in to a remote system

rpc.rwalld

Allows you to broadcast a message to all users logged in to a remote system

rpc.rstatd

Allows you to gather statistics on a remote host's operating system

rpc.rquotad

Returns quotas for a user of a local file system that is mounted by a remote system

 

over Network File System (NFS)

rpc.rusersd

Displays a list of users on a remote system

rpc.sprayd

Records the packets sent in a one-way stream to a remote system, including the

 

number of packets received on the remote system and the transfer rate

rshd

Runs a shell on a remote system

sendmail

Allows mail to be delivered between the local and remote systems

telnetd

Allows you to communicate with a remote system by means of a virtual terminal

tftpd

Supports the Trivial File Transfer Protocol (tftp), which transfers files to and from

 

a remote system

Controlling Access to Other Network Services

You can use TCP Wrapper to control access to network services other than those wrapped by Internet Express, and include these additional services in the list displayed on the Display/Update Configuration form, as follows:

1.Make sure an entry for the service exists in the /etc/inetd.conf file. The entry must not include the TCP Wrapper (/usr/sbin/tcpd).

2.Add an entry for the service in the /usr/internet/security/config.tcp file to provide a name and description to use on the Display/Update Configuration form. The following example shows the entry for the fingerd service:

The user information server for networks :fingerd

3.Edit the /usr/internet/security/hosts.allow file to specify the access setting for the service. The following example is the entry in the /usr/internet/security/ hosts.allow file for the fingerd service:

fingerd:ALL:ALLOW

4.Run the /usr/internet/security/install.sh script to add TCP Wrapper to the service's entry in the /etc/inetd.conf file, and to copy the modified /usr/internet/ security/hosts.allow file to /etc/hosts.allow.

You can use the /usr/internet/security/deinstall.sh script to remove the TCP wrapper from all services in the inetd.conf file.

Modifying Access to a Wrapped Network Service

To modify the access setting for a network service, follow these steps:

1.From the Internet Express Main menu, choose Manage Components.

2.From the Manage Components Menu, under Network Security, choose TCP Wrapper.

168 Network Security Administration

Page 168
Image 168
HP UX Internet Express Software manual Controlling Access to Other Network Services