I have a bunch of services running on the firewall that I would like to
disable, some of which I don't know if I should.

Of these processes, which should I be turning off?

/usr/sbin/syncd 60
alertd -A -l
/usr/bin/AIXPowerMgtDaemon
/usr/lpp/diagnostics/bin/diagd
/usr/lib/errdemon
/usr/sbin/dpid2
/usr/sbin/writesrv
/usr/sbin/portmap
/usr/sbin/uprintfd
/usr/sbin/qdaemon
/usr/IMNSearch/httpdlite/httpdlite -r /etc/IMNSearch/httpdlite/httpdl
/usr/lpp/x_st_mgr/bin/x_st_mgrd -b /usr/lpp/x_st_mgr/bin/x_st_mgrd.cf

They don't really pose a security risk as the firewall doesn't allow any
connections to itself directly, but I would like to try and reduce the load
on the machine as much as possible.  

I am working on the following script to lock things down a bit...

cp /etc/inittab /etc/inittab.orig-backup
for b in rcnfs piobe qdaemon writesrv uprintfd adsmsched; do rmitab $b; done
cd /etc
cp rc.tcpip rc.tcpip.orig-backup
sed -e 's/^start /#start /' rc.tcpip.orig-backup > rc.tcpip
echo 'start /usr/sbin/syslogd "$src_running"' >> rc.tcpip
echo 'start /usr/sbin/inetd "$src_running"' >> rc.tcpip
echo 'start /usr/sbin/xntpd "$src_running"' >> rc.tcpip
cp inetd.conf inetd.conf.orig-backup
egrep "/rsh|/ftp|/telnet" inetd.conf.orig-backup > inetd.conf
for c in uucp guest lpd; do rmuser -c $c; done
for d in uucp printq; do rmgroup $d; done
usrck -y ALL
grpck -y ALL
pwdck -y ALL
echo /usr/sbin/no -o clean_partial_cons=1 >> /etc/rc.local.net
echo /usr/sbin/no -o ipsendredirects=0 >> /etc/rc.local.net
echo /usr/sbin/no -o nonlocsrcroute=0 >> /etc/rc.local.net
echo /usr/sbin/no -o bcastping=0 >> /etc/rc.local.net
echo /usr/sbin/no -o tcp_mssdflt=1370 >> /etc/rc.local.net
echo /usr/sbin/no -o icmpaddressmask=0 >> /etc/rc.local.net
echo /usr/sbin/no -o udp_pmtu_discover=0 >> /etc/rc.local.net
echo /usr/sbin/no -o tcp_pmtu_discover=0 >> /etc/rc.local.net
echo /usr/sbin/no -o directed_broadcast=0 >> /etc/rc.local.net
echo /usr/sbin/no -o ipignoreredirects=0 >> /etc/rc.local.net
echo /usr/sbin/no -o ipsrcroutesend=0 >> /etc/rc.local.net
echo /usr/sbin/no -o ipsrcrouterecv=0 >> /etc/rc.local.net
echo /usr/sbin/no -o ipsrcrouteforward=0 >> /etc/rc.local.net
echo /usr/sbin/no -o ip6srcrouteforward=0 >> /etc/rc.local.net
chmod +x /etc/rc.local.net
mkitab "rclonet:2:once:/etc/rc.local.net > /dev/console 2>&1"
mkitab "adsmsched:2:once:/usr/lpp/adsm/bin/dsmc sched -password=secret > /dev/null 2>&1"


======================================================================
Joseph Voisin, Systems Administrator, Engel Canada Inc. 
www.engelmachinery.com | [EMAIL PROTECTED] | (519)836-0220 x436 
 PGP Fingerprint: A20B 135D 0920 074F C7FE  D72D 88A7 2521 5138 DFC2 
======================================================================
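
An added example, not part of the original post: a check that the `no -o name=value` lines written to /etc/rc.local.net above match what the running kernel reports. It assumes the live values were saved with `no -a` in its "name = value" layout; the function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "no" tunables in an rc file against saved "no -a" output.
# Assumption: "no -a" prints one tunable per line as "name = value".

# Print "name expected actual" for every tunable that differs or is missing.
audit_no_tunables() {
    rcfile=$1      # file holding "/usr/sbin/no -o name=value" lines
    livefile=$2    # saved output of "no -a"
    awk '
        # First file: live kernel values
        NR == FNR {
            if ($2 == "=") live[$1] = $3
            next
        }
        # Second file: wanted values taken from the rc lines
        ($1 == "no" || $1 ~ /\/no$/) && $2 == "-o" {
            split($3, kv, "=")
            if (!(kv[1] in live))            print kv[1], kv[2], "MISSING"
            else if (live[kv[1]] != kv[2])   print kv[1], kv[2], live[kv[1]]
        }
    ' "$livefile" "$rcfile"
}

# Constructed sample data: four wanted settings, one drifted, one not reported.
make_sample() {
    dir=$1
    cat > "$dir/rc.local.net" <<'EOF'
/usr/sbin/no -o ipsendredirects=0
/usr/sbin/no -o bcastping=0
/usr/sbin/no -o ipsrcrouteforward=0
/usr/sbin/no -o ip6srcrouteforward=0
EOF
    cat > "$dir/no-a.txt" <<'EOF'
        bcastping = 0
  ipsendredirects = 1
ipsrcrouteforward = 0
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_no_tunables "$tmp/rc.local.net" "$tmp/no-a.txt"
rm -rf "$tmp"
```

On the firewall itself, save the live values with `no -a > /tmp/no-a.txt` after a reboot and pass that file with /etc/rc.local.net; empty output means every setting took effect.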


