Full Discussion: securing a remote box
Post 20964 by thehoghunter on Wednesday 8th of May 2002 11:39:29 AM
Quote:
The server is located over 1000 miles away...
It is great that we can telecommute but once in a while, you just have to be there. Our company laid off the only guy we had to do our servers 1300 miles away. The next time one needs an upgrade or service, one of us may have to go there. We have remote access to the console which still allows us to change things all the way down to the boot prom. If you don't have this type of access, you might want to get the equipment and software together and take a road trip.

Quote:
It's a Solaris 7 box with many of the system files safe on nfs
I don't remember who said in these forums, but I'm sure they will respond back with horror at this statement. NFS is not considered secure - it is probably the easiest way to get access into your server.

Quote:
I've got a backup of everything I had access to from a week prior to the hack
You better be sure that is prior to the hack or you may miss the files the hacker changed to backdoor you. That is why it should be built from scratch.
thehoghunter
 

inetd.sec(4)						     Kernel Interfaces Manual						      inetd.sec(4)

NAME
inetd.sec - optional security file for inetd

DESCRIPTION
When accepts a connection from a remote system, it checks the address of the host requesting the service against the list of hosts to be allowed or denied access to the specific service (see inetd(1M)). The file allows the system administrator to control which hosts (or networks in general) are allowed to use the system remotely. This file constitutes an extra layer of security in addition to the normal checks done by the services. It precedes the security of the servers; that is, a server is not started by the Internet daemon unless the host requesting the service is a valid host according to If file does not exist, security is limited to that implemented by the servers.

and the directory should be writable only by their owners. Changes to apply to any subsequent connections.

Lines in beginning with the pound sign are comments. Comments are not allowed at the end of a line of data.

The lines in the file contain a service name, permission field, and the Internet addresses or official names of the hosts and networks allowed to use that service in the local host. The fields in each line are as follows:

    service name { hostaddrs | hostnames | netaddrs | netnames }

Note: service name is the name (not alias) of a valid service in file The service name for RPC-based services (NFS) is the name (not alias) of a valid service in file A service name in corresponds to a unique RPC program number.

determines whether the list of remote hosts in the next field is allowed or denied access to the specified service. Multiple lines for each service are not supported. If there are multiple lines for a particular service, all but the last line are ignored.

Addresses (hostaddrs and netaddrs) and names (hostnames and netnames) are separated by white space. Any mix of addresses and names is allowed. To continue a line, terminate it with backslash, Host names and network names are the official names of the hosts or networks as returned by or respectively.

Wildcard characters and range characters are allowed. The and the can be present in any of the fields of the address. An address field is a string of characters separated by a dot

Hostname resolution failure in may cause to delay the processing of connection requests. To avoid such delays, configure host/network addresses instead of host/network names in the file.

EXAMPLES
Use a wildcard character to permit a whole network to communicate with the local host without having to list all the hosts in that network. For example, to allow all hosts with network addresses starting with a as well as the single host with address to use rlogin:

On a system running NFS, deny host access to sprayd, an RPC-based server:

A range is a field containing a character. To deny hosts in network 10 (arpa) with subnets 3 through 5 access to

The following entry denies access to host any hosts on the network named and the host with internet address

If a remote service is not listed in the security file, or if it is listed but it is not followed by or all remote hosts can attempt to use it. Security is then provided by the service itself.

The following lines, if present in allow or deny access to the service indicated:

    Allow all hosts to use
    Deny all access to the service; i.e.,
    Allow access to the service by any host: or

IPv6 Functionality

For an IPv6 service, an IPv6 address can be specified in the host address field of The host address field can contain IPv6 addresses, IPv4 addresses, or both. This specification includes the IPv4 mapped IPv6 addresses also. Host names for IPv6 services are the official names of the hosts returned by The wildcard characters and range characters are not supported for IPv6 addresses. The equivalent for the wildcard character is provided in the form of followed by a forward-slash and See the IPv6 Examples section for more details.

IPv6 Examples

To allow an IPv6 host with address and an IPv4 host with address in order to use the service, an entry in the file should be as follows:

The following entry denies access to all hosts with a prefix

AUTHOR
was developed by HP. NFS was developed by Sun Microsystems, Inc.

FILES
SEE ALSO
inetd(1M), gethostent(3N), getaddrinfo(3N), getnetent(3N), hosts(4), inetd.conf(4), networks(4), protocols(4), rpc(4), services(4).
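
The matching rules from the DESCRIPTION above (comment lines, backslash continuation, last line per service wins, wildcard and range fields), shown as an added example that is not part of the man page or of HP's code: a small Python evaluator for IPv4 address entries. It assumes the permission keywords are `allow` and `deny`, the wildcard is `*` and the range character is `-`; host and network names are not resolved, and the sample file is constructed.

```python
import re

# Constructed sample in the format described above (not from a real host).
# Assumed literals: keywords allow/deny, wildcard '*', range character '-'.
SAMPLE = """\
# r-services policy (constructed)
login allow 10.* 192.54.24.5
shell deny 10.3-5.*
shell deny 10.9.* \\
    192.168.7.20
"""

def parse(text):
    """Return {service: (permission, [patterns])}; the last line per service wins."""
    rules = {}
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continued lines
        if not line.strip() or line.startswith("#"):
            continue
        service, *rest = line.split()
        if rest and rest[0] in ("allow", "deny"):
            rules[service] = (rest[0], rest[1:])   # overwrites any earlier line
        else:
            rules[service] = (None, [])            # no permission field
    return rules

def field_matches(pattern, octet):
    if pattern == "*":
        return True
    low, sep, high = pattern.partition("-")
    if sep:
        return low.isdigit() and high.isdigit() and int(low) <= octet <= int(high)
    return pattern.isdigit() and int(pattern) == octet

def address_matches(pattern, ip):
    pat = pattern.split(".")
    octets = [int(o) for o in ip.split(".")]
    if pat[-1] == "*":                  # "10.*" covers every remaining field
        pat += ["*"] * (4 - len(pat))
    return len(pat) == 4 and all(field_matches(p, o) for p, o in zip(pat, octets))

def is_permitted(rules, service, ip):
    permission, patterns = rules.get(service, (None, []))
    if permission is None:
        return True   # not restricted by this file; the service's own checks apply
    hit = any(address_matches(p, ip) for p in patterns)
    return hit if permission == "allow" else not hit
```

Because only the last `shell` line is kept, a host in 10.4.x.x is permitted even though the earlier line denied it, which is the failure mode to look for when auditing a file with repeated service names.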