
20000901: McIDAS ADDE and port 503 (cont.)



>From: "Thomas L. Mote" <address@hidden>
>Organization: University of Georgia
>Keywords: 200008130142.e7D1gkN00099 McIDAS-X ADDE port 503

Tom,

>I made the changes to the inetd.conf file.

Did you send a HUP to inetd?  I am sure you realize you have to do
this to tell inetd to reread its configuration file, /etc/inetd.conf.

>There appears to 
>be a lot of other junk in the services that I will want to 
>shut down. I'll need to talk to our computing people about 
>security for LINUX. 

Yes, there is.  Our system administrator gave me quite the long list
of things to turn off on my Linux system at home.  I just talked to
him again, and he says to basically shut down everything that is not
generally used.  On one of our RedHat 6.2 Linux systems, this boils
down to keeping:

ftp stream  tcp nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp nowait  root    /usr/sbin/tcpd  in.rlogind
swat      stream  tcp     nowait.400      root /usr/sbin/tcpd /opt/samba-tng/sbin/swat
mcserv  stream  tcp nowait.400  mcadde  /home/mcidas/bin/mcservsh  mcservsh  -H /home/mcidas
mccompress  stream  tcp nowait.400  mcadde  /home/mcidas/bin/mcservsh  mcservsh  -H /home/mcidas

>I can't say for sure that the udp entry was what made the 
>difference, but I think it was the only thing I changed 
>between unsuccessful and successful attempts to telnet to 
>503.

It just doesn't make any sense to me because McIDAS uses TCP only.

>Let me know if you learn anything about the DSINFO business.

We need to run the same test after your mods to /etc/inetd.conf have been
reread by inetd. <later>  I just logged on and reran the test:

cd workdata
dsinfo.k ALL

This time I got no 'TCP write failed' message.  Perhaps the modification
of the 'nowait' in /etc/inetd.conf to 'nowait.255' did the trick.
By the way, you can see from my inclusion above that you may want to
increase this number if you are planning on doing a lot of simultaneous
ADDE transactions on cacimbo.

For now, I can display all of your GINI imagery nicely.

>Thanks again.

You are welcome.

>P.S. No problems with your being on during my class. ;-)

Good.  The machine seemed nice and fast, so I didn't expect any.

Have a great weekend!

Tom
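
Added example, not part of the original message: a small Python check for the inetd.conf cleanup discussed above. It lists enabled services that are not on a keep list, shows which ones are not started through tcpd, and reads the 'nowait.N' limit. The names parse_inetd, audit and SAMPLE, the sample file contents and the keep list are assumptions made for the illustration.

```python
# Constructed sample in /etc/inetd.conf format, modelled on the entries quoted above.
SAMPLE = """\
ftp     stream  tcp  nowait      root    /usr/sbin/tcpd  in.ftpd -l -a
#finger stream  tcp  nowait      root    /usr/sbin/tcpd  in.fingerd
mcserv  stream  tcp  nowait.400  mcadde  /home/mcidas/bin/mcservsh  mcservsh -H /home/mcidas
echo    dgram   udp  wait        root    internal
"""


def parse_inetd(text):
    """Return one dict per enabled (uncommented) inetd.conf entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or disabled service
        f = line.split()
        if len(f) < 6:
            continue                      # not a complete service entry
        wait, _, limit = f[3].partition(".")
        entries.append({
            "service": f[0], "proto": f[2], "wait": wait,
            # nowait.N: N caps how many servers inetd spawns per minute
            "max_per_min": int(limit) if limit.isdigit() else None,
            "user": f[4], "server": f[5], "args": f[6:],
        })
    return entries


def audit(text, keep):
    """Return (unexpected, unwrapped) as sorted 'service/proto' lists.

    unexpected: enabled entries whose service name is not in `keep`.
    unwrapped:  enabled external servers not started through tcpd.
    """
    entries = parse_inetd(text)
    name = lambda e: "%s/%s" % (e["service"], e["proto"])
    unexpected = sorted({name(e) for e in entries if e["service"] not in keep})
    unwrapped = sorted({name(e) for e in entries
                        if e["server"] != "internal"
                        and not e["server"].endswith("/tcpd")})
    return unexpected, unwrapped


if __name__ == "__main__":
    unexpected, unwrapped = audit(SAMPLE, keep={"ftp", "mcserv"})
    print("enabled but not on keep list:", unexpected)
    print("not started through tcpd:    ", unwrapped)
```

To check a real system, pass the contents of /etc/inetd.conf instead of SAMPLE; after commenting out unwanted entries, inetd still needs the HUP mentioned above.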