Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How do I restrict TFTP access to certain hosts/IP addresses?
Operating Systems AIX How do I restrict TFTP access to certain hosts/IP addresses? Post 302508926 by need2bageek on Tuesday 29th of March 2011 12:11:39 PM
Old 03-29-2011
How do I restrict TFTP access to certain hosts/IP addresses?
Hi Everyone,
I searched for an answer to this but couldn't find one so I'm hoping someone can lend some advice. My issue is that I have an AIX server running Sysback (for TSM backup/restore) and Sysback uses TFTP for sending the boot image to the client during a restore. A recent penetration test by Verizon has determined that this TFTP access is a major vulnerability. Does anyone know of a way to restrict TFTP access to only certain hosts on the network? Verizon recommends disabling TFTP in inetd.conf, but I can't do that because then Sysback restores would fail. Also, please note that is TFTP - not FTP.

Any help is greatly appreciated.

Thanks
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache restrict access with certificates

Hello! Does anyone know if it's possible to restrict access to apache webserver with certificates? What I want is that if a user has a certificate in his browser then he get's access, if not show error or another page. I would be very happy if someone knew! /D (2 Replies)
Discussion started by: Esaia
2 Replies

2. Red Hat

restrict access of a user to two directories only

Hi all, I am using RHEL 5.0 I need a user say test to have full access to two directories, say /tmp1 & /tmp2 only other than his home directory. I do not want to change his login shell which is ksh or bash by default. Moreover, he should not even have read access of other directories. ... (10 Replies)
Discussion started by: vikas027
10 Replies

3. UNIX for Advanced & Expert Users

Restrict access to specific users.

Hi All! I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses). OS : Red hat linux Thanks! nua7 (6 Replies)
Discussion started by: nua7
6 Replies

4. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

5. Solaris

Restrict access to solaris10 [SOLVED]

Hello, I have a solaris10 sparc running on a server and it is a Sun DS (LDAP) server as well as LDAP client. I have changed ssh server port to something other than 22 but is there any way to configure that only users abc, def, ghi from LDAP can login via ssh? SSH software on solaris10 is... (0 Replies)
Discussion started by: upengan78
0 Replies

6. Linux

Restrict NFS access to root

Hi Everybody, If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies

7. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

8. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

9. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

10. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

LEARN ABOUT LINUX

in.tftpd

in.tftpd(1M)                                                                                                                          in.tftpd(1M)

NAME

       in.tftpd, tftpd - Internet Trivial File Transfer Protocol server

SYNOPSIS

       in.tftpd [-s] [homedir]

       tftpd is a server that supports the Internet Trivial File Transfer Protocol (TFTP).

       Before responding to a request, the server attempts to change its current directory to homedir; the default directory is /tftpboot.

       The  use of tftp does not require an account or password on the remote system. Due to the lack of authentication information, in.tftpd will
       allow only publicly readable files to be accessed. Files may be written only if they already exist and are publicly  writable.   Note  that
       this extends the concept of "public" to include all users on all hosts that can be reached through the network. This may not be appropriate
       on all systems, and its implications should be considered before enabling this service.

       in.tftpd runs with the user ID and group ID set to [GU]ID_NOBODY under the assumption that no files exist with that owner  or  group.  How-
       ever, nothing checks this assumption or enforces this restriction.

       -d       Debug. When specified it sets the SO_DEBUG socket option.

       -s       Secure. When specified, the directory change to homedir must succeed. The daemon also changes its root directory to homedir.

       The in.tftpd server is IPv6-enabled. See ip6(7P).

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWtftp                     |
       +-----------------------------+-----------------------------+

       svcs(1), tftp(1), inetadm(1M), inetd(1M), svcadm(1M), netconfig(4), attributes(5), smf(5), ip6(7P)

       Malkin, G. and Harkin, A. RFC 2347, TFTP Option Extension. The Internet Society. May 1998

       Malkin, G. and Harkin, A. RFC 2348, TFTP Blocksize Option. The Internet Society. May 1998

       Malkin, G. and Harkin, A. RFC 2349, TFTP Timeout Interval and Transfer Size Options. The Internet Society. May 1998

       Sollins, K.R. RFC 1350, The TFTP Protocol (Revision 2). Network Working Group. July 1992.

       The tftpd server only acknowledges the transfer size option that is sent with a read request when the octet transfer mode is specified.

       The in.tftpd.1m service is managed by the service management facility, smf(5), under the service identifier:

       svc:/network/tftp/udp6:default

       Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibil-
       ity for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view config-
       uration information for this service. The service's status can be queried using the svcs(1) command.

       Unlike  most  smf(5)  services,  a  manifest for the tftp service is not included in the system. To create one and enable this service, the
       administrator should:

       1.  Edit /etc/inet/inetd.conf and uncomment the tftp entry.

       2.  Run /usr/sbin/inetconv.

       After you run inetconv, the svc:/network/tftp/udp6:default service is created and enabled.

                                                                    8 Mar 2005                                                        in.tftpd(1M)
All times are GMT -4. The time now is 09:09 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy