Environment
NetIQ eDirectory
Situation
In certain cases, it might be desirable to disable the ability to access to iMonitor or Dhost by way of the httpstk.
Resolution
To prevent libhttpstk from being loaded by flaim, move the library and it's symbolic links to another directory.
EXAMPLE:
#mkdir /opt/novell/eDirectory/lib64/nds-modules/tmp
#mv /opt/novell/eDirectory/lib64/nds-modules/libhttpstk* /opt/novell/eDirectory/lib64/nds-modules/tmp
NOTE:
Also modify the /etc/opt/novell/eDirectory/conf/ndsmodules.conf and comment out the entry httpstk
ALSO:
Be aware that installing packages/upgrades will add the modules back to the nds-modules directory, so the process will need to be verified/repeated each time an installation occurs.
EXAMPLE:
#mkdir /opt/novell/eDirectory/lib64/nds-modules/tmp
#mv /opt/novell/eDirectory/lib64/nds-modules/libhttpstk* /opt/novell/eDirectory/lib64/nds-modules/tmp
NOTE:
Also modify the /etc/opt/novell/eDirectory/conf/ndsmodules.conf and comment out the entry httpstk
ALSO:
Be aware that installing packages/upgrades will add the modules back to the nds-modules directory, so the process will need to be verified/repeated each time an installation occurs.
Cause
Flaim loads the httpstk module if it wasn't configured to auto load in
the ndsmodules.conf. Commenting the httpstk out of the
ndsmodules.conf doesn't prevent the module from loading and still listening
on the HTTP and HTTPS ports (default 8028 and 8030)