I am being pushed from AIX onto RHEL 6 and after our first 'chuck it on' install, I have a problem. Where is the old (okay insecure) telnet & ftp server? I know that they are probably regarded as archaic now, but the source servers do not have the SSH tools, so I've got to somehow transfer the data.
Apart from this, I have CRT from VanDyke which is very nice, but the company will not pay the upgrade fee to get the SSH version, so that's going to be a pain.
I do have a closed network, so I'm not too worried about packet snooping.
For a 20+ year support of AIX (with forays into and eventually out of Solaris, SCO Unixware, Dynix, TI-UX) & HP-UX, I'm feeling especially vulnerable as I've never been so stuck. Internet searches send me all over the place without a good target.
I don't even have the client side tools installed.
Code:
# time find / -name telnet -o -name ftp
/var/ftp
real 0m0.40s
user 0m0.19s
sys 0m0.20s
# time find / -name telnetd -o -name ftpd
real 0m0.40s
user 0m0.19s
sys 0m0.21s
#
Any suggestions? (without laughing please)
If I can get the executables, I am happy to set up inetd.conf - oh no! Where's that gone now? What's all this almost empty /etc/inittab?
Despair! At least from HP-UX I've got the lvm commands such as vgdisplay.
I was aware of a reference sheet to ease conversions, but I can't seem to find that at the moment either. Maybe I'm just having a bad day.
Hi All,
I need to stop all the services for telnet & FTP as we want our
server to be more secure.
Please give me some steps for jumping to SSH protocol.
How can i disable telnet & ftp service on my server. (1 Reply)
Hi Users,
Kindly help me with below query of mine.
Using Red Hat Linux Enterprise Edition as the client how many simultaneous
1) Maximum FTP sessions are allowed
2) Maximum Telnet sessions are allowed
3) any special settings need to be enabled for maximum telnet and ftp sessions on... (2 Replies)
Hi Users,
Kindly help me with below query of mine.
Using Red Hat Linux Enterprise Edition as the client how many simultaneous
1) Maximum FTP sessions are allowed
2) Maximum Telnet sessions are allowed
3) any special settings need to be enabled for maximum telnet and ftp sessions on... (2 Replies)
Hi all,
I'm using the following script to automated ftp files to 1 ftp servers
host=192.168.0.1
/usr/bin/ftp -vi >> $bkplog 2>&1 <<ftp
open $host
bin
cd ${directory}
put $files
quit
ftp
and the .netrc file contain
machine 192.168.0.1
login abc... (4 Replies)
Hello all,
I am planning to deploy a configuration / auditing software package for about 100 new nodes that we are planning to install. I am hearing many good things in regards to cfengine and puppet. Can someone shed some light in regards to these solutions?
Thanks,
jaysunn (1 Reply)
Ok, Im trying to get NFS working on my RHEL 5 box, apparently i can use the box as a client, but not as a server. If it helps i cant ssh into the box (server), but as a client ssh works fine. Ive configured
server:
/etc/hosts.allow:
all : all
all :all@all
setup my /etc/exports file... (4 Replies)
RHEL 7.1 client using autofs to mount a NIS map of home directories being exported by a Solaris 10x86 nfs server.
The owner and group are correct on the NFS server, but on the RHEL client, the owner and group end up being nobody nobody. The USERS and GROUPS are NIS maps as well. They are... (2 Replies)
H Forum,
I was thankful in getting help from this post that allowed me to connect to multiple severs at once using here documents to gather data into variables. But I've discovered that the same bash command that works on my RHEL 7 servers do not work on RHEL 6? What's strange about my... (4 Replies)
Discussion started by: greavette
4 Replies
LEARN ABOUT OPENSOLARIS
sockd
SOCKD(8) System Manager's Manual SOCKD(8)NAME
sockd - Internet firewall secure socket server (proxy server)
SYNOPSIS
sockd [ -ver | -i | -I ]
DESCRIPTION
sockd is an internet secure socket server, often referred to as a proxy server. It was designed primarily to provide hosts within a fire-
wall access to resources outside of the firewall.
Normally, hosts inside a firewall has no IP-accessibility to the network outside of the firewall. This reduces the risk of being intruded
by unauthorized people from the Internet. Unfortunately, without IP-accessibility users on the inside hosts can no longer use many of the
important tools such as telnet, ftp, xgopher, Mosaic, etc. to access the tremendous resources available in the Internet.
With sockd installed on a server host, users on the other inside hosts can gain back the lost functionalities by using clients programs
designed to work with sockd proxy server, e.g, rtelnet in place of telnet, rftp in place of ftp, rfinger in place of finger, etc. Since
these client programs work like their normal counterparts without requiring direct IP-connectivity to the Internet, convenience to the
users is accomplished without breaching the security. The server host that runs sockd does have to be open to the Internet, and it there-
fore requires special attention to make sure that it is secure.
A configuration file /etc/sockd.fc (or /etc/sockd.conf) is used to control access to sockd and its services. Permission and denial of a
service request can be decided based on various combinations of the requesting host, the destination host, the type of service (destination
port number), as well as the requesting user. (See sockd.conf(5) and sockd.fc(5).)
If the server host is multi-homed, i.e., having more than one network interface and with its IP_FORWARDING turned off, and the server sup-
port RBIND operation, then it must run a multi-homed version of sockd, which requires another control file /etc/sockd.fr (or
/etc/sockd.route) to decide which interface to use for connection to any given destination host. See sockd.route(5) and sockd.fr(5). A
multi-homed sockd can be run on a single-homed host as well if necessary; you just have to set up /etc/sockd.route to direct all traffic
through the host's one and only network interface.
sockd uses syslog with facility daemon and level notice to log its activities and errors. Typical lines look like
Apr 11 08:51:29 eon sockd[636]: connected -- Connect from don(don)@abc.edu to wxy.com (telnet)
Apr 11 09:24:59 eon sockd[636]: terminated -- Connect from don(don)@abc.edu to wxy.com (telnet)
Apr 11 09:24:59 eon sockd[636]: 1048 bytes from abc.edu, 285143 bytes from wxy.com
Jun 22 18:24:54 eon sockd[884]: refused -- Connect from sam(unknown)@big.com to small.com (ftp)
In these lines, the first user-id is the one reported by the client program, the second one (within the parentheses) is what is reported by
identd on the client host. These log lines usually appear in file /var/adm/messages though that can be changed by modifying /etc/sys-
log.conf. (See syslogd(8) and syslog.conf(5).)
If you allow access to infosystems such as Gopher or WWW, you should be aware that they by nature would tend to get connections to hosts
all over the world and would use not only Gopher and WWW ports but possibly also ports for finger, telnet, ftp, nntp, etc. as well as non-
privileged ports ( > 1023).
For a stand-alone sockd, /etc/sockd.fc (or /etc/sockd.conf) and /etc/sockd.fr (or /etc/sockd.route), if required, are only read and parsed
once at the beginning of program execution. If you change the contents of either file and want to make the running sockd use the new con-
tents, you must send a SIGHUP signal to the running sockd process. Sending a running stand-alone sockd a SIGUSR1 signal causes it to record
on the systems's log file the effective contents of configuration and route files that it is currently using. You can find the process id
of the stand-alone sockd in /etc/sockd.pid.
Rather than using plain-text configuration file /etc/sockd.conf and route file /etc/sockd.route, sockd now looks for the corresponding
frozen files /etc/sockd.fc and /etc/sockd.fr first. The plain-text files are used only if the corresponding frozen files are not found. Use
commands make_sockdfc and make_sockdfr to produce the frosen files. Use commands dump_sockdfc and dump_sockdfr to examine the contents of
frozen files. (See make_sockdfc(8), make_sockdfr(8), dump_sockdfc(8), and dump_sockdfr(8).) Using frozen configuration and route files can
save a lot of overhead at start-up of sockd.
OPTIONS
The options are mutually exclusive and thus may only be used one at a time.
-ver With this option, sockd prints its own version number, the version number of the SOCKS protocol, whether it is SOCKSified, whether
it is a standalone daemon or must be run under inetd, whether it support RBIND, and whether a route file is required.
-I Use identd (RFC 1413) to verify the requester's user-id. Deny access if connection to client's identd fails or if the result does
not match the user-id reported by the client program. Client hosts without a properly installed identd daemon will not be served.
User verification is done before and in addition to the normal access control. This can be overridden in the sockd.conf file on a
line by line basis.
-i Similar to -I but more lenient. Access is denied only if client's identd reports a user-id that's different from what the client
program claims. This can be overridden in the sockd.conf file on a line by line basis.
Log entries similar to the following are produced upon failure of user-id verification:
Apr 15 14:42:51 eon sockd[729]: cannot connect to identd on big.edu
Apr 15 14:42:51 eon sockd[729]: refused -- Connect from bob(unknown)@big.edu to xyz.com (ftp)
Jul 15 12:23:06 eon sockd[832]: *Alert*: real user is sam, not jim
Jul 15 12:23:06 eon sockd[832]: refused -- Connect from jim(sam)@abc.org to bad.place.com (WWW)
FILES
/etc/sockd.fc, /etc/sockd.conf, /etc/sockd.fr, /etc/sockd.route, /etc/inetd.conf, /etc/services, /var/adm/messages, /etc/syslog.conf
SEE ALSO socks_clients(1), sockd.conf(5), sockd.route(5), socks.conf(5), make_sockdfc(8), make_sockdfr(8), dump_sockdfc(8), dump_sockdfr(8)AUTHOR
David Koblas, koblas@sgi.com
Ying-Da Lee, ylee@syl.dl.nec.com
David Mischel, dm@kansas.gene.com
June 6, 1996 SOCKD(8)
12-06-2012
Where's that gone now? 
At least from HP-UX I've got the lvm commands such as vgdisplay.