Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Not able to disable finger & telnet command in Solaris 8
Operating Systems Solaris Not able to disable finger & telnet command in Solaris 8 Post 303040584 by Neo on Friday 1st of November 2019 05:20:34 AM
Old 11-01-2019
Here is how I have made sure telnetd is not available:

Code:
ubuntu# find / -name telnetd
ubuntu#

That's very secure for telnetd ....

Here is how I secure fingerd:

Code:
ubuntu# find / -name fingerd
ubuntu#

That's very secure for fingerd ...

On production servers, I do not rely on configuration files for security when there are more secure ways to do things, especially when it comes to commands which can be used to exploit the system. It's easy to make a mistake in a config file, or even have some errand process overwrite one.

However, when the "not needs command" are off the server, it is really better.... if you really care about security.

For curl, for example (which I need from time to time), I have a wrapper:

Code:
ubuntu# cat /usr/bin/curl
#!/bin/sh
/usr/bin/php  /usr/bin/neo_curl.php  $@
#

Then, the PHP script above just logs as much details as it can (and does not call curl) ..... Because I have seen way too much malware attempting to use curl to download malicious code.

Of course, you don't need PHP do to this... but that is what I use to wrap, generally speaking, because I like logging the built in HTTPD globals vars.

When I need curl, I call it with a totally different name.

The more simple you secure you system (remove unneeded insecure commands, remove default names of exploitable commands, add more logging), the more secure your system will be.

At least, that is what I do..... and it works very well.
This User Gave Thanks to Neo For This Post:
amity
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

finger command

Hello all, Here is what I am trying to do. If a user exist, then send an echo "EXIST" or else "DOES NOT EXIST". (under HP-UX) Kind of: #!/usr/bin/sh USER=mylogin finger $USER if $? = 0 then echo "EXIST"" else echo "DOES NOT EXIST" fi (10 Replies)
Discussion started by: qfwfq
10 Replies

2. Solaris

disable telnet on Solaris

All - would you please some one help me to disable telnet on Solaris? /etc/inetd.conf Thanks :confused: (11 Replies)
Discussion started by: March_2007
11 Replies

3. Solaris

Disable telnet timeout

Hi, Can someone help me how I can disable telnet timeout? I'm connecting remotely to some machines and after some time my telnet connection was closed. How can I disable this so that I'm always connected to those machines? Thanks! (2 Replies)
Discussion started by: ayhanne
2 Replies

4. Solaris

disable telnet on the startup

Hi All, I want to disable telnet on the startup of solaris 8-10 but still wants for a standby purposes. In case I need to troubleshoot ssh, I can connect thru telnet. Most solution on the internet is to permanently removed it. Best Regards, itik (5 Replies)
Discussion started by: itik
5 Replies

5. Solaris

SSH enable, Telnet disable ...

Hi... How do I enable SSH and disable telnet.. Also - is there anything special I need to do to ensure that a new user can use ssh and su but not telnet? Adel (15 Replies)
Discussion started by: ArabOracle.com
15 Replies

6. Solaris

Disable telnet for a particular user

On Solaris 8 is there anyway to disable telnet for a particular user and not for entire system altogether? I would like the user to retain a shell and so creating a noshell like ftp account is not an option. (14 Replies)
Discussion started by: boshyd
14 Replies

7. AIX

Allow telnet in AIX from specific IP adds, but disable for everyone else

I need to change the security on our AIX servers and disable telnet from all but certain IP addresses. I have hashed the telnet line in /etc/inetd.conf and added filter rules for those IP adds to allow access on port 23, but this didn't work. Does anyone have any ideas? Thanks. (2 Replies)
Discussion started by: Alps
2 Replies

8. Solaris

Having problems with finger on Solaris 10

I have a bunch of Solaris systems and for the 8/9 systems, I can type "finger -s 2" to get a list of all users (whether they are logged in or not) and the last time they logged in. I have some new 10 systems and this command does not work. Does anybody know whether this was changed in Solaris 10?... (6 Replies)
Discussion started by: Muller
6 Replies

9. Solaris

Solaris Finger Service Problem

I have been instructed to disable the finger service for our Solaris 10 box. However when I input #svcadm disable finger I receive: "svcadm: Pattern 'finger' does not match any instances. I have also tried to edit the inetd config file and comment out the finger part but Solaris has basically... (14 Replies)
Discussion started by: mvhoward
14 Replies

10. Shell Programming and Scripting

What is the use of "finger" command & how to use it to kill the online processes ?

Hi there, I am eager to know what exactly is the use of "finger" command & how to use it to kill the online processes ? :b: (1 Reply)
Discussion started by: abhijitpaul0212
1 Replies

LEARN ABOUT CENTOS

telnet-probe

TELNET-PROBE(1) 					      General Commands Manual						   TELNET-PROBE(1)

NAME

       telnet-probe - lightweight telnet-like port probe

SYNOPSIS

       $PCP_BINADM_DIR/telnet-probe [-c] [-v] host port

DESCRIPTION

       telnet-probe  allows  the  pmdashping(1)  daemons  to establish connections to arbitrary local and remote service-providing daemons so that
       response time and service availability information can be obtained.

       The required host and port number arguments have the same meaning as their telnet(1) equivalents.

       The -c option causes telnet-probe to perform a connect(2) only.	This skips the read(2) and write(2) exercise that would otherwise be  done
       after connecting (see below).

       The -v option causes telnet-probe to be verbose while operating.

       Once the telnet connection has been established, telnet-probe reads from stdin until end-of-file, and writes all the input data to the tel-
       net connection.	Next, telnet-probe will read from the telnet connection until end-of-file, discarding whatever	data  it  receives.   Then
       telnet-probe exits.

       To  operate  successfully,  the input passed via telnet-probe to the remote service must be sufficient to cause the remote service to close
       the connection when the last line of input has been processed, e.g. ending with ``quit'' when probing SMTP on port 25.

       By default telnet-probe will not produce any output, unless there is an error in which case a diagnostic message can be displayed (in  ver-
       bose mode only) and the exit status will be non-zero indicating a failure.

PCP ENVIRONMENT

       Environment  variables  with  the prefix PCP_ are used to parameterize the file and directory names used by PCP.  On each installation, the
       file /etc/pcp.conf contains the local values for these variables.  The $PCP_CONF variable may be used to specify an alternative	configura-
       tion file, as described in pcp.conf(5).

DIAGNOSTICS

       If  telnet-probe  succeeds, then 0 will be returned.  If the attempt to establish a connection fails or is terminated, then a non-zero exit
       status is returned.

SEE ALSO

       PCPintro(1), pmdashping(1), pmie(1), telnet(1), connect(2), read(2) and write(2).

Performance Co-Pilot							PCP							   TELNET-PROBE(1)
All times are GMT -4. The time now is 11:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy