[HPADM] Summary: Unusual Problem

From: Johnson, Craig E (Craig.E.Johnson@icn.siemens.com)
Date: Wed Aug 13 2003 - 11:27:23 EDT


Thanks to all who responded. My question concerned a pingable machine that
wouldn't respond to telnet, ftp, or traceroute. This turned out to be IPSec
related, something I'm totally unfamiliar with. I've attached the offending
script below, which was being executed at startup after being called by
another S99.... script. Note the "block all incomming" line (I've found
this elsewhere as well, same programmer, same spelling error):
 
#!/usr/bin/ksh

# add after rtp start-up

# Policy lines are collected in a temporary file and then loaded with ipsecconf.
IPSEC_CMD=/tmp/IpsecCmd$$

echo \# Allow Name server >>$IPSEC_CMD

if [ -f /etc/resolv.conf ]
then
    grep "^nameserver" /etc/resolv.conf | awk '{
        printf ( "{ saddr %s } bypass { dir in } \n", $2);
    }'
fi >>$IPSEC_CMD    # append, so the comment line written just above survives

echo \# Allow all out-going >>$IPSEC_CMD
echo { } bypass { dir out } >>$IPSEC_CMD
echo { saddr `uname -n` } bypass { dir in } >>$IPSEC_CMD
echo { saddr 127.0.0.1 } bypass { dir in } >>$IPSEC_CMD
echo >>$IPSEC_CMD

# Catch-all for inbound traffic: anything not covered by a bypass rule must
# arrive ESP-protected with DES, so plain telnet, ftp and traceroute never get in.
echo \# Block all incomming >>$IPSEC_CMD
echo { } permit { dir in encr_algs DES } >>$IPSEC_CMD
echo >>$IPSEC_CMD

echo \# Let SSH in >>$IPSEC_CMD
echo { dport 22 } bypass { dir in } >>$IPSEC_CMD
echo { sport 22 } bypass { dir in } >>$IPSEC_CMD
echo >>$IPSEC_CMD

echo \# Allow NTP server >>$IPSEC_CMD
if [ -f /etc/inet/ntp.conf ]
then
    grep "^server" /etc/inet/ntp.conf | awk '{
        printf ( "{ saddr %s dport 123 } bypass { dir in } \n", $2);
    }'
fi >>$IPSEC_CMD

# Boot clients listed in /etc/bootparams are let in unconditionally.
if [ -f /etc/bootparams ]
then
    cat /etc/bootparams | grep -v "^#" | awk '{
        printf( "{ saddr %s } bypass { dir in } \n", $1 );
    }'
fi >>$IPSEC_CMD

# Trusted hosts: one address per line, optionally followed by a single port.
echo \# Allow trusted hosts >>$IPSEC_CMD
if [ -f /export/home/sis/.AllowList ]
then
    cat /export/home/sis/.AllowList | awk '{
        if ( NF == 2 )
        {
            printf ( "{ saddr %s dport %s } bypass { dir in } \n", $1, $2);
        } else
        {
            printf ( "{ saddr %s } bypass { dir in } \n", $1);
        }
    }'
fi >>$IPSEC_CMD

# Flush the current policy, load the generated one quietly, and clean up.
/usr/sbin/ipsecconf -f
/usr/sbin/ipsecconf -a $IPSEC_CMD -q
rm $IPSEC_CMD

Craig Johnson
Systems Administrator/Sr. Engineer
Siemens
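As an added illustration, not part of Craig's post or of the script it quotes: a small Python model of how policy lines in the shape that script generates sort inbound traffic. Given a constructed policy file (all addresses are made up), plain connection attempts to ports 21 and 23 land on the catch-all "permit { dir in encr_algs DES }" line and so require ESP/DES, while port 22 is bypassed. The precedence rule the model uses, that any matching bypass entry wins over a matching permit entry regardless of file order, is an assumption about ipsecconf semantics; the script's own layout, with the SSH bypass after the catch-all permit, only makes sense under that reading.

```python
"""Model of how ipsecconf-style policy lines classify traffic.

Added example, not from the post or its script.  POLICY_TEXT is constructed in
the shape the script writes; addresses are made up.  Precedence (bypass beats
permit whatever the order) is an assumption, not something the post states.
"""
import re
from dataclasses import dataclass

POLICY_TEXT = """\
# Allow Name server
{ saddr 192.0.2.53 } bypass { dir in }
# Allow all out-going
{ } bypass { dir out }
{ saddr 192.0.2.10 } bypass { dir in }
{ saddr 127.0.0.1 } bypass { dir in }

# Block all incomming
{ } permit { dir in encr_algs DES }

# Let SSH in
{ dport 22 } bypass { dir in }
{ sport 22 } bypass { dir in }

# Allow NTP server
{ saddr 192.0.2.123 dport 123 } bypass { dir in }
"""

# One policy entry: "{ pattern } action { properties }"
RULE_RE = re.compile(r"^\{([^}]*)\}\s*(bypass|permit|apply)\s*\{([^}]*)\}\s*$")


def _kv(body):
    """'saddr 1.2.3.4 dport 123' -> {'saddr': '1.2.3.4', 'dport': '123'}."""
    toks = body.split()
    if len(toks) % 2:
        raise ValueError("odd-length key/value list: %r" % body)
    return dict(zip(toks[0::2], toks[1::2]))


@dataclass
class Rule:
    pattern: dict   # selectors the packet must carry with equal values
    action: str     # bypass | permit | apply
    props: dict     # dir, encr_algs, ...
    text: str       # original line, kept for reporting

    def matches(self, pkt):
        if self.props.get("dir") != pkt["dir"]:
            return False
        # An empty pattern ("{ }") matches every packet in that direction.
        return all(pkt.get(k) == v for k, v in self.pattern.items())


def parse_policy(text):
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unparsable policy line: %r" % line)
        rules.append(Rule(_kv(m.group(1)), m.group(2), _kv(m.group(3)), line))
    return rules


def evaluate(rules, pkt):
    """Classify one packet (dict of selectors) as bypass / ipsec-required / no-policy."""
    hits = [r for r in rules if r.matches(pkt)]
    for r in hits:                      # assumption: a bypass hit outranks a permit hit
        if r.action == "bypass":
            return "bypass", r.text
    for r in hits:                      # unprotected packets hitting permit are dropped
        if r.action in ("permit", "apply"):
            return "ipsec-required", r.text
    return "no-policy", None


def inbound_verdicts(rules, src="198.51.100.7"):
    """Plain (non-IPsec) inbound connection attempts from an arbitrary host."""
    services = {"ftp": 21, "ssh": 22, "telnet": 23, "ntp": 123, "traceroute": 33434}
    return {name: evaluate(rules, {"dir": "in", "saddr": src, "dport": str(port)})[0]
            for name, port in services.items()}


if __name__ == "__main__":
    rules = parse_policy(POLICY_TEXT)
    for svc, verdict in inbound_verdicts(rules).items():
        print("%-10s %s" % (svc, verdict))
```

Running it shows ftp, telnet and traceroute as ipsec-required and ssh as bypass, which is the symptom in the summary: the host answers on the bypassed ports and silently drops everything else that is not ESP-protected. Feeding a real generated file to parse_policy is a quick way to audit what a startup script like this one actually leaves reachable.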

 

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
 
 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:32 EDT