Disabling the telnet interface, Listeners, Removal of unused listeners – HP StorageWorks MSA 2.8 SAN Switch User Manual

Basic Security in FOS

95

Fabric OS Procedures Version 3.1.x/4.1.x User Guide

Disabling the Telnet Interface

From a security standpoint, with the addition of SSH, the telnet interface is no
longer necessary to manage the switch. Some customers may wish to disable
telnet to prevent a user from passing cleartext passwords over the network when
logging in to the switch. The

configure [telnetd]

command is provided

to allow customers to disable the telnet interface. The default configuration of the
switch will ship with telnet enabled.

For more information on the

configure

command, refer to the HP

StorageWorks Fabric OS Version 3.1.x/4.1.x Reference Guide.

1. Log in to the switch as Admin.

2. Enter

configure [telnetd]

at the command line.

This configure command can be run with the switch enabled.

3. Press Enter

.

The Telnet interface is disabled.

SNMP, HTTP, API, RSNMP, WSNMP, SES, and MS are managed through their
respective policies when security is enabled. Refer to the HP StorageWorks Secure
Fabric OS Version 1.0 User Guide for information.

Listeners

In order to make the Fabric OS more secure, the principal has been adopted that
the Linux subsystem should provide only the minimal necessary functionality
required to implement supported features and capabilities.

Removal of Unused Listeners

Changing the principal to provide the minimum Linux subsystem functionality
required that a number of listeners be removed from this version of the Fabric OS.

Some listeners are required for CP to CP communications on the internal network
of the Core Switch 2/64. These listeners are blocked on the Core Switch 2/64, and
are not started on the SAN Switch 2/32.

Table 5: Removed Listeners for the Core Switch 2/64 and SAN Switch 2/32

Listener Name

Core Switch 2/64

SAN Switch 2/32

chargen

Do not start

Do not start

echo

Do not start

Do not start

daytime

Do not start

Do not start