Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How do I restrict TFTP access to certain hosts/IP addresses?
Operating Systems AIX How do I restrict TFTP access to certain hosts/IP addresses? Post 302508926 by need2bageek on Tuesday 29th of March 2011 12:11:39 PM
Old 03-29-2011
How do I restrict TFTP access to certain hosts/IP addresses?
Hi Everyone,
I searched for an answer to this but couldn't find one so I'm hoping someone can lend some advice. My issue is that I have an AIX server running Sysback (for TSM backup/restore) and Sysback uses TFTP for sending the boot image to the client during a restore. A recent penetration test by Verizon has determined that this TFTP access is a major vulnerability. Does anyone know of a way to restrict TFTP access to only certain hosts on the network? Verizon recommends disabling TFTP in inetd.conf, but I can't do that because then Sysback restores would fail. Also, please note that is TFTP - not FTP.

Any help is greatly appreciated.

Thanks
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache restrict access with certificates

Hello! Does anyone know if it's possible to restrict access to apache webserver with certificates? What I want is that if a user has a certificate in his browser then he get's access, if not show error or another page. I would be very happy if someone knew! /D (2 Replies)
Discussion started by: Esaia
2 Replies

2. Red Hat

restrict access of a user to two directories only

Hi all, I am using RHEL 5.0 I need a user say test to have full access to two directories, say /tmp1 & /tmp2 only other than his home directory. I do not want to change his login shell which is ksh or bash by default. Moreover, he should not even have read access of other directories. ... (10 Replies)
Discussion started by: vikas027
10 Replies

3. UNIX for Advanced & Expert Users

Restrict access to specific users.

Hi All! I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses). OS : Red hat linux Thanks! nua7 (6 Replies)
Discussion started by: nua7
6 Replies

4. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

5. Solaris

Restrict access to solaris10 [SOLVED]

Hello, I have a solaris10 sparc running on a server and it is a Sun DS (LDAP) server as well as LDAP client. I have changed ssh server port to something other than 22 but is there any way to configure that only users abc, def, ghi from LDAP can login via ssh? SSH software on solaris10 is... (0 Replies)
Discussion started by: upengan78
0 Replies

6. Linux

Restrict NFS access to root

Hi Everybody, If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies

7. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

8. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

9. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

10. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

LEARN ABOUT OSF1

backup_listhosts

BACKUP_LISTHOSTS(8)					       AFS Command Reference					       BACKUP_LISTHOSTS(8)

NAME

       backup_listhosts - Lists Tape Coordinators registered in the Backup Database

SYNOPSIS

       backup listhosts [-localauth] [-cell <cell name>] [-help]

       backup listh [-l] [-c <cell name>] [-h]

DESCRIPTION

       The backup listhosts command displays the Backup Database record of the port offset numbers defined for Tape Coordinator machines. A Tape
       Coordinator must have an entry in the list to be available for backup operations.

       The existence of an entry does not necessarily indicate that the Tape Coordinator process (butc) is currently running at that port offset.
       To check, issue the backup status command.

OPTIONS

       -localauth
	   Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile file. The backup command interpreter presents it to
	   the Backup Server, Volume Server and VL Server during mutual authentication. Do not combine this flag with the -cell argument. For more
	   details, see backup(8).

       -cell <cell name>
	   Names the cell in which to run the command. Do not combine this argument with the -localauth flag. For more details, see backup(8).

       -help
	   Prints the online help for this command. All other valid options are ignored.

OUTPUT

       After a "Tape hosts:" header, the output reports two things about each Tape Coordinator currently defined in the Backup Database:

       o   The hostname of the machine housing the Tape Coordinator. The format of this name depends on the hostname format used when the backup
	   addhost command was issued.

       o   The Tape Coordinator's port offset number.

       The Tape Coordinators appear in the order in which they were added to the Backup Database.

EXAMPLES

       The following example shows the result of the command in the ABC Corporation cell:

	  % backup listhosts
	  Tape hosts:
	      Host backup1.abc.com, port offset 0
	      Host backup1.abc.com, port offset 1
	      Host backup3.abc.com, port offset 4
	      Host backup2.abc.com, port offset 3

PRIVILEGE REQUIRED

       The issuer must be listed in the /etc/openafs/server/UserList file on every machine where the Backup Server is running, or must be logged
       onto a server machine as the local superuser "root" if the -localauth flag is included.

SEE ALSO

       backup(8), backup_addhost(8), backup_delhost(8), backup_status(8)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted from HTML to POD by software written by Chas
       Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS 							    2012-03-26						       BACKUP_LISTHOSTS(8)
All times are GMT -4. The time now is 01:05 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy