19 Apr
2001
19 Apr
'01
6:01 p.m.
On Apr 19, 13:21, healyzh(a)aracnet.com wrote:
telnet
over to my machine?
Security by obscurity is no security at all. OK, in this case it may be
more a question of convenience, but if Ram has the access (ie, access to
the root account) to do all these things, he would be better to either do
as Gene suggested and "touch /etc/nologin" (or put some text in it: the
contents are printed by login before it closes the connection), or to do it
properly and run tcpwrappers, with suitably set up /etc/hosts.allow and
/etc/hosts.deny files -- then he can control who can connect, from where,
and using which protocols (telnet, rlogin, rsh/rcp, ftp, ssh, etc).
If you *are* thinking of security, remember that inetd only controls some
network services -- some, like SMTP, HTTP, SNMP and others, normally run as
daemons in their own right.
--
Pete Peter Turnbull
Network Manager
Dept. of Computer Science
University of York
> I have a
Solaris 2.6 Ultra-10 at work and I want to prevent users
from logging into my
machine. I dont want
> > to run in single-user mode. Is there a way to disable rlogin or >
> Edit /etc/inetd.conf and comment out the shell, login, exec, telnet and
ftp
lines. As a
matter of fact, comment everything else out as well.
Eric
Comment everything out and the question becomes, is the box still usable?
Also it may be desirable to leave either telnet or ssh running, but move
them to a non-standard port. That way he can access his own system
remotely.