How to prevent httpstk from loading and listening on the HTTP/HTTPS ports

  • 7014946
  • 22-Apr-2014
  • 22-Apr-2014

Environment

NetIQ eDirectory

Situation

In certain cases, it might be desirable to disable the ability to access to iMonitor or Dhost by way of the httpstk.


Resolution

To prevent libhttpstk from being loaded by flaim, move the library and it's symbolic links to another directory.

EXAMPLE:

#mkdir /opt/novell/eDirectory/lib64/nds-modules/tmp
#mv /opt/novell/eDirectory/lib64/nds-modules/libhttpstk* /opt/novell/eDirectory/lib64/nds-modules/tmp

NOTE:
Also modify the /etc/opt/novell/eDirectory/conf/ndsmodules.conf and comment out the entry httpstk

ALSO:
Be aware that installing packages/upgrades will add the modules back to the nds-modules directory, so the process will need to be verified/repeated each time an installation occurs.

Cause

Flaim loads the httpstk module if it wasn't configured to auto load in the ndsmodules.conf.  Commenting the httpstk out of the ndsmodules.conf doesn't prevent the module from loading and still listening on the HTTP and HTTPS ports (default 8028 and 8030)