08-20-2008
The easiest, portable way is to use the tcpd/tcp_wrappers library by Wietse Venema. With this, /etc/services does not contain the telnetd program directly, but a line that invokes the program "tcpd" which in turn checks the files /etc/hosts.allow and /etc/hosts.deny. In these files, you can set policies however you desire (per process, per user, per source host).
Do a man on hosts_access (5).
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
How do you keep users from logging on while you do file maintenance? Is there a way to temporarily disable telnet? (2 Replies)
Discussion started by: michieka
2 Replies
2. UNIX for Dummies Questions & Answers
how do i disable the telnet (2 Replies)
Discussion started by: rmuhammad
2 Replies
3. Solaris
I am running solaris 9.. currently has telnet / ssh access..
Initially I just want to stop telnet access (but leave ftp open as some scripts etc still using this and need modification)
As far as I know I just need to do the following:
edit the /etc/inetd.conf file and comment out:
telnet ... (2 Replies)
Discussion started by: frustrated1
2 Replies
4. SCO
Hy,
Coud someone tell me how to disable root login via terminal (only from console should be allowed).
There is no ssh installed, only telnet.
I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login?
SCO OpenServer 5
... (1 Reply)
Discussion started by: veccinho
1 Replies
5. AIX
Hello!
I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh.
What i did:
- in /etc/security/user i added a line:
rlogin = false
which works fine when i try to login through telnet
- after installation of openSSH i edited... (3 Replies)
Discussion started by: veccinho
3 Replies
6. SCO
dear all,
pls give the sollution to disable root login from telnet directly.but it should allow while we type su command (2 Replies)
Discussion started by: prakrithi
2 Replies
7. Solaris
Hi to All,
I have configured telnet service in my server but am not able to login with root user in Linux Servers.
For that what can i do ?
Please help me
Thanks in Advance. (1 Reply)
Discussion started by: Sharath Kumar
1 Replies
8. UNIX for Dummies Questions & Answers
we don't have root in our /etc/ftpd/ftpusers and we are getting some pushback from the external auditors about this - specifically as a security risk if a "sniffer" were to catch roots password at the ftp.
What do most shops do - disable ftp for root?
What do you do to get things to the... (3 Replies)
Discussion started by: LisaS
3 Replies
9. OS X (Apple)
Ok guys,
I'm just getting back to this amongst several other projects, but I thought I'd re-address it. I'm creating the script to disable windows from the previous login under 10.7. In order to do this it seems I need to create the same script for applications that launch and create the... (6 Replies)
Discussion started by: unimachead
6 Replies
10. UNIX for Advanced & Expert Users
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
Discussion started by: anaigini45
9 Replies
LEARN ABOUT DEBIAN
tcpdchk
TCPDCHK(8) System Manager's Manual TCPDCHK(8)
NAME
tcpdchk - tcp wrapper configuration checker
SYNOPSIS
tcpdchk [-a] [-d] [-i inet_conf] [-v]
DESCRIPTION
tcpdchk examines your tcp wrapper configuration and reports all potential and real problems it can find. The program examines the tcpd
access control files (by default, these are /etc/hosts.allow and /etc/hosts.deny), and compares the entries in these files against entries
in the inetd network configuration file.
tcpdchk reports problems such as non-existent pathnames; services that appear in tcpd access control rules, but are not controlled by tcpd;
services that should not be wrapped; non-existent host names or non-internet address forms; occurrences of host aliases instead of official
host names; hosts with a name/address conflict; inappropriate use of wildcard patterns; inappropriate use of NIS netgroups or references to
non-existent NIS netgroups; references to non-existent options; invalid arguments to options; and so on.
Where possible, tcpdchk provides a helpful suggestion to fix the problem.
OPTIONS
-a Report access control rules that permit access without an explicit ALLOW keyword.
-d Examine hosts.allow and hosts.deny files in the current directory instead of the default ones.
-i inet_conf
Specify this option when tcpdchk is unable to find your inetd.conf network configuration file, or when you suspect that the program
uses the wrong one.
-v Display the contents of each access control rule. Daemon lists, client lists, shell commands and options are shown in a pretty-
printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands.
FILES
The default locations of the tcpd access control tables are:
/etc/hosts.allow
/etc/hosts.deny
SEE ALSO
tcpdmatch(8), explain what tcpd would do in specific cases.
hosts_access(5), format of the tcpd access control tables.
hosts_options(5), format of the language extensions.
inetd.conf(5), format of the inetd control file.
AUTHORS
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
TCPDCHK(8)