HP-UX Modification of the Boot Process

Modification of the Boot Process

Closely review the startup scripts and identify all unnecessary services. You will then want to stop these services from starting up by renaming the startup script file that can be found in /sbin/rc?.d. By renaming the link instead of deleting it, it will be easier if you have to invoke the process in the future. Please pay particular attention to insecure network services. You should be able to eliminate everything in /sbin/rc3.d.

____ Review /etc/rc.log to determine which processes are started on boot
____ Rename NFS-related links

/usr/bin/mv /sbin/rc2.d/S400nfs.core /sbin/rc2.d/.NOS400nfs.core

/usr/bin/mv /sbin/rc2.d/S430nfs.client /sbin/rc2.d/.NOS430fns.client

/usr/bin/mv /sbin/rc3.d/S100nfs.server /sbin/rc3.d/.NOS100nfs.server

____ Rename RPC link

/usr/bin/mv /sbin/rc2.d/S590Rpcd /sbin/rc2.d/.NOS290Rpcd

____ Rename Sendmail links

/usr/bin/mv /sbin/rc2.d/S540sendmail /sbin/rc2.d/.NOS540sendmail

____ If this is machine not going to be a DNS server, rename DNS link

/usr/bin/mv /sbin/rc2.d/S370named /sbin/rc2d/.NOS370named

____ Rename everything in /sbin/rc3.d

/usr/bin/cd /sbin/rc3.d

for file in S*

mv $file .NO$file

done

Create a script to ensure that the startup scripts run with a proper umask [14]

____ /usr/bin/echo ‘umask 022’ > /sbin/init.d/umask.sh
____ /usr/bin/chmod 744 /sbin/init.d/umask.sh
____ Add umask.sh to startup script directories by running the following script

/usr/bin/umask 022

for d in /sbin/rc?.d

/usr/bin/ln –s /sbin/init.d/umask.sh $d/S000umask.sh

done

Inetd is the internet daemon that controls access to network services that are started on an as needed basis. Many of the services are considered unsafe. Therefore it is very important to review these services and disable ones that are not absolutely necessary. The Berkley "r" programs have a long history of abuse so make sure that shell and login services are disable. You may also want to consider disabling bootps, exec, ntalk, echo and charge. In fact the ideal situation would be not to run inetd at all. (If inetd is not running you will not have remote access to the machine, until ssh is installed and configured)

____ Disable inetd – Preferred method

/usr/bin/mv /sbin/rc2.d/S500inetd /sbin/rc2d/.NOS500inetd

/usr/bin/rm /etc/inetd.conf

____ inetd enabled – but with all unnecessary disabled

/usr/bin/vi /etc/inetd.conf

comment out (place # at the beginning of a line) all unnecessary services

/usr/bin/kill –HUP inetd

Technical Help

Please find our other blogs which related to technical and devotional. We are a team grabing information from technical support forms where many issues solved by real time experianced people in the support forums. most of the issues are fixed by our best fallowers. Our team is working in top MNC companies located in all over India in different technolagies, here we share real time issues and help documents. like Troubleshooting steps, documentation, whitepapers, SOP's and many more, .

Any one can contribute here with your real time issues, though it help to others to find and fix before they fight with support folks.

Technical Help

HP-UX Modification of the Boot Process

Related Posts

No comments