ATTENTION !
La commande 'securetcpip', lancée sans argument, a pour but de sécuriser le réseau du serveur. La commande va désactiver un certain nombre de commandes réseau telles que : rcp, rlogin, rlogind, rsh, rshd, tftp, and tftpd.
Puis , la commande met à jour le fichier '/etc/security/config' .
A utiliser en bonne connaissance de cause, et après une sauvegarde 'mksysb' correcte.
Ci-dessous la version officielle et anglaise.
securetcpip Command
Purpose
Enables the operating system network security feature.
Syntax
securetcpip
Description
The securetcpip command provides enhanced security for the network. This command performs the following:
- Runs the tcbck -a command, which disables the nontrusted commands and daemons: rcp, rlogin, rlogind, rsh, rshd, tftp, and tftpd. The disabled commands and daemons are not deleted; instead, they are changed to mode 0000. You can enable a particular command or daemon by re-establishing a valid mode.
- Adds a TCP/IP security stanza to the /etc/security/config file. The stanza is in the following format:
tcpip:
netrc = ftp,rexec /* functions disabling netrc */
Before running the securetcpip command, acquiesce the system by logging in as root user and executing the killall command to stop all network daemons.
Attention: The killall command kills all processes except the calling process. If logged in or applications are running, exit or finish before executing the killall command.
After issuing the securetcpip command, shut down and restart your system. All of your TCP/IP commands and network interfaces should be properly configured after the system restarts.
Files
/etc/security/config | Contains information for the security system. |
/etc/security/sysck.cfg | Contains file definitions for the trusted computing base. |