Security vs. DB Post: 29105

Sponsored Content

Special Forums Cybersecurity Security vs. DB Post 29105 by RTM on Monday 30th of September 2002 10:04:15 AM

09-30-2002

Registered User

A couple of things come to mind but how are you doing this as far as startup? Is root running the startup script and doing a su - to the oracle user? I didn't notice a problem with su - user when the code was in /etc/profile.

Anyway, you could check to see if a terminal (psuedo, virtual, physical) was associated with the process and then check your file of authorized users. This should allow startup to have no problems.

Or, you could change startup to move a 'startup only' telnet_users file which allowed oracle account access to start the processes, and then moves that file and replaces it with the original once Oracle is started.

I'm sure there are more ways and will allow some others to voice their opinions.

One other thing - if you are concerned with security, why do you let anyone telnet? You should use ssh, IMHO.

RTM

View Public Profile for RTM

Find all posts by RTM

LEARN ABOUT DEBIAN

qpsmtpd-prefork

qpsmtpd-prefork(8)					      System Manager's Manual						qpsmtpd-prefork(8)

NAME

       qpsmtpd-prefork - Preforkin server for qpsmtpd

SYNOPSIS

       qpsmtpd-prefork [options]

DESCRIPTION

       qpsmtpd-prefork	is the qpsmtpd frontend script which binds to the SMTP TCP socket, and asynchronously forks new children in advance of new
       connections.

OPTIONS

       --port port
	      Binds to a specific port, instead of the default 2525.

       --user user
	      On startup, switch to run as user instead of the starting user.  Applies only when started as root (as is normal when  listening	on
	      port 25).

       --limit-connections limit
	      Accept at most limit simultaneous connections.  Inbound connections beyondthis limit will be deferred or refused.

       --max-from-ip limit
	      Accept at most limit simultaneous connections from any given IP address; does not override --limit-connections, if set.

       --children limit
	      Limit the total number of child processes to limit; once all children are handling requests, further connections are deferred.

       --idle-children count

	      Keep count child processes available, subject to the upper bound given via --children.  Specify 0 to disable preforking entirely.

       --interface addr
	      Bind  to	the  local address addr, instead of the default behavior of binding to all interfaces.	Can be specified multiple times to
	      bind to more than one interface or local address.

       --renice-parent delta

	      Adjust the priority of the parent process by delta, yielding more CPU time to other processes.  The default is 5.

       --detach
	      Detach from the controlling terminal at startup, to run as a standalone daemon.  See also --pid-file.

       --pid-file filename
	      Upon startup, and after daemonizing if applicable, write the process ID to filename, for use by sysvinit control scripts or  similar
	      utilities.

       --pretty-child

	      Update child process names within the process table.

       --version
	      Print the qpsmtpd release version and exit.

       --debug
	      Be somewhat more verbose about logging during startup (has no effect once fully started).

       --help Display commandline help and exit.

AUTHOR

       Copyright (c) 2006, SoftScan; based on qpsmtpd-forkserver by Ask Bjorn Hansen <ask@develooper.com>

	http://smtpd.develooper.com/

																qpsmtpd-prefork(8)