Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security Help

Status
Not open for further replies.
call

call

Technical User
Oct 31, 2000
127
US
I need to tighten up security on my risc box using
aix 4.3.3.10
Now if I go into the ect/rc.tcpip file
do I really need
syslog,sendmail,portmap,inetd,snmpd,dpid2
or can I turn them off

also what do I really need in the inittab

I have no user on the aix side they are all on the software
side. need help

Also I have a list it tells me to set proper network no option, were can I find them
like ipsendredirect
or ipsrcroutesend
or tcp_pmtu_discover

thank you
 
Sort by date Sort by votes
Hi call,

in rc.tcpip, the service you need depends on what you need for this box. syslog is used to log system messages(local and remote ones).sendmail is used to handle mail transport (smtp for example); if you don't need that disable sendmail. Portmap is used tho manage RPC services, such as NFS (in fact, it converts RPC program numbers into DARPA protocol port numbers).inetd handles most of TCP services (such as telnet, ftp, rexec, rsh, etc) which is configured in /etc/inetd.conf. If you need any of them, disable what you don need in inetd.conf, not in rc.tcpip. snmpd is used for simple management protocol. All depends on what you will need.
About network settings, it can be set whith /usr/sbin/no command. It will be active untill next reboot. youcan set it for reboot in /etc/rc.net. See the last lines of rc.net for examples on how to set network options. (no -a tell the current settings.)

In /etc/inittab. in theory you only need. Other than that are not essential for the system startup.

rc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1 # Phase 3 of system boot
powerfail::powerfail:/etc/rc.powerfail 2>&1 | alog -tboot > /dev/console # Power Failure Detection
rc:2:wait:/etc/rc 2>&1 | alog -tboot > /dev/console # Multi-User checks
fbcheck:2:wait:/usr/sbin/fbcheck 2>&1 | alog -tboot > /dev/console # run /etc/firstboot
srcmstr:2:respawn:/usr/sbin/srcmstr # System Resource Controller
rctcpip:2:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
diagd:2:eek:nce:/usr/lpp/diagnostics/bin/diagd >/dev/console 2>&1
logsymp:2:eek:nce:/usr/lib/ras/logsymptom # for system dumps
dt:2:wait:/etc/rc.dt
cons:0123456789:respawn:/usr/sbin/getty /dev/console

Any problems let me known

Regards,
HTT
 
Upvote 0 Downvote
Thank you it help alots
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mohamedazrin
  • Locked
  • Question
Need some help with extend the PP
Replies
1
Views
506
Andjey
Andjey
brittcams
  • Locked
  • Question
Need help with this script please 1
Replies
1
Views
144
w5000
w5000
generaal
  • Locked
  • Question
Samba security
Replies
0
Views
142
generaal
generaal
enuda
  • Locked
  • Question
SAR command sar -r in AIX showing wrong report? Can you help?
Replies
0
Views
121
enuda
enuda
sjcrane
  • Locked
  • Question
KSH script please help
Replies
4
Views
149
sjcrane
sjcrane

Part and Inventory Search

Sponsor

Back
Top