19 Apr
2001
19 Apr
'01
6:15 p.m.
Pete Turnbull wrote:
Security by obscurity is no security at all. OK, in
this case it may be
more a question of convenience, but if Ram has the access (ie, access to
the root account) to do all these things, he would be better to either do
as Gene suggested and "touch /etc/nologin" (or put some text in it: the
contents are printed by login before it closes the connection), or to do it
properly and run tcpwrappers, with suitably set up /etc/hosts.allow and
/etc/hosts.deny files -- then he can control who can connect, from where,
and using which protocols (telnet, rlogin, rsh/rcp, ftp, ssh, etc).
If you *are* thinking of security, remember that inetd only controls some
network services -- some, like SMTP, HTTP, SNMP and others, normally run as
daemons in their own right.
I forgot about tcpwrappers. Havent used that in years. We used this on our
internet
gateway. This isnt about security, but to prevent annoying developers who bog
down
my machine (and doing so prevent me from developing my applications). The
inetd
solution is very quick and easy for me. Installing tcpwrappers and managing
that would
be way too much work for me. But thanks for the suggestion....
Ram
One happy camper....
--
,,,,
/'^'\
( o o )
-oOOO--(_)--OOOo-------------------------------------
| Ram Meenakshisundaram |
| Senior Software Engineer |
| OpenLink Financial Inc |
| .oooO Phone: (516) 227-6600 x267 |
| ( ) Oooo. Email: rmeenaks(a)olf.com |
---\ (----( )--------------------------------------
\_) ) /
(_/