Full Discussion: restricted telnet sessions
Post 6933 by Andy Hibbins on Saturday 15th of September 2001 08:35:39 PM
Hi amit,

Have you tried running the telnet daemon from xinetd?
xinetd allows very fine control of services; you can control: max instances, instances per IP/user, time at which access is allowed (for all users).
Info on xinetd: http://www.synack.net/xinetd/faq.html

If your system and the telnet daemon are PAM-enabled, you could set access controls in either the time.conf or limits.conf files, usually located in /etc/security.

Info on PAM time.conf can be found at the PAM admin website:
http://www.kernel.org/pub/linux/libs...-html/pam.html

Hope this helps.

Andy H
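The controls named in the post above map onto the xinetd.conf(5) attributes `instances`, `per_source`, `access_times` and `only_from`. As an added example that is not part of the original post, the following Python code parses a telnet stanza and reports which of those limits are missing or set to UNLIMITED; the sample stanzas, server path, address range, limit values and function names are constructed assumptions.

```python
import re

# Constructed samples (not from the thread); path, network and limits are assumed.
WEAK = """
service telnet
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
}
"""
HARDENED = """
service telnet
{
    socket_type  = stream
    wait         = no
    user         = root
    server       = /usr/sbin/in.telnetd
    # 10 servers in total, 2 per client address, office hours, one network
    instances    = 10
    per_source   = 2
    access_times = 08:00-18:00
    only_from    = 192.0.2.0/24
}
"""
REQUIRED = ("instances", "per_source", "access_times", "only_from")

def parse_blocks(text):
    """Map each 'service NAME' (and 'defaults') block to its attributes."""
    blocks = {}
    pattern = r"^\s*(?:service\s+(\S+)|defaults)\s*\{(.*?)\}"
    for name, body in re.findall(pattern, text, re.S | re.M):
        attrs = blocks.setdefault(name or "defaults", {})
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*[-+]?=\s*(.*\S)", line)  # '#' lines never match
            if m:
                attrs[m.group(1)] = m.group(2)
    return blocks

def audit(text, service="telnet"):
    """Return findings for one service; defaults apply unless overridden."""
    blocks = parse_blocks(text)
    if service not in blocks:
        return [f"{service}: no service stanza found"]
    attrs = {**blocks.get("defaults", {}), **blocks[service]}
    findings = [f"{service}: {a} not set" for a in REQUIRED if a not in attrs]
    findings += [f"{service}: {a} is UNLIMITED" for a in ("instances", "per_source")
                 if attrs.get(a, "").upper() == "UNLIMITED"]
    return findings
```

xinetd.conf(5) treats only whole lines whose first non-blank character is `#` as comments, which is why the sample keeps its comment on a line of its own.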
 

XINETD(8)                   System Manager's Manual                  XINETD(8)

NAME
       xinetd - the extended Internet services daemon

SYNOPSIS
       xinetd [options]

DESCRIPTION
       xinetd performs the same function as inetd: it starts programs that
       provide Internet services. Instead of having such servers started at
       system initialization time, and be dormant until a connection request
       arrives, xinetd is the only daemon process started and it listens on
       all service ports for the services listed in its configuration file.
       When a request comes in, xinetd starts the appropriate server. Because
       of the way it operates, xinetd (as well as inetd) is also referred to
       as a super-server.

       The services listed in xinetd's configuration file can be separated
       into two groups. Services in the first group are called multi-threaded
       and they require the forking of a new server process for each new
       connection request. The new server then handles that connection. For
       such services, xinetd keeps listening for new requests so that it can
       spawn new servers. On the other hand, the second group includes
       services for which the service daemon is responsible for handling all
       new connection requests. Such services are called single-threaded and
       xinetd will stop handling new requests for them until the server dies.
       Services in this group are usually datagram-based.

       So far, the only reason for the existence of a super-server was to
       conserve system resources by avoiding to fork a lot of processes which
       might be dormant for most of their lifetime. While fulfilling this
       function, xinetd takes advantage of the idea of a super-server to
       provide features such as access control and logging. Furthermore,
       xinetd is not limited to services listed in /etc/services. Therefore,
       anybody can use xinetd to start special-purpose servers.

OPTIONS
       -d     Enables debug mode. This produces a lot of debugging output, and
              it makes it possible to use a debugger on xinetd.

       -syslog syslog_facility
              This option enables syslog logging of xinetd-produced messages
              using the specified syslog facility. The following facility
              names are supported: daemon, auth, user, local[0-7] (check
              syslog.conf(5) for their meanings). This option is ineffective
              in debug mode since all relevant messages are sent to the
              terminal.

       -filelog logfile
              xinetd-produced messages will be placed in the specified file.
              Messages are always appended to the file. If the file does not
              exist, it will be created. This option is ineffective in debug
              mode since all relevant messages are sent to the terminal.

       -f config_file
              Determines the file that xinetd uses for configuration. The
              default is /etc/xinetd.conf.

       -pidfile pid_file
              The process ID is written to the file. This option is
              ineffective in debug mode.

       -dontfork
              Tells xinetd to stay in the foreground rather than detaching
              itself, to support being run from init or daemontools. This
              option automatically sets -stayalive (see below).

       -stayalive
              Tells xinetd to stay running even if no services are specified.

       -limit proc_limit
              This option places a limit on the number of concurrently running
              processes that can be started by xinetd. Its purpose is to
              prevent process table overflows.

       -logprocs limit
              This option places a limit on the number of concurrently running
              servers for remote userid acquisition.

       -version
              This option causes xinetd to print out its version information.

       -inetd_compat
              This option causes xinetd to read /etc/inetd.conf in addition to
              the standard xinetd config files. /etc/inetd.conf is read after
              the standard xinetd config files.

       -inetd_ipv6
              This option causes xinetd to bind to IPv6 (AF_INET6) addresses
              for inetd compatibility lines (see previous option). This only
              affects how /etc/inetd.conf is interpreted and thus only has any
              effect if the -inetd_compat option is also used.

       -cc interval
              This option instructs xinetd to perform periodic consistency
              checks on its internal state every interval seconds.

       The syslog and filelog options are mutually exclusive. If none is
       specified, the default is syslog using the daemon facility. You should
       not confuse xinetd messages with messages related to service logging.
       The latter are logged only if this is specified via the configuration
       file.

CONTROLLING XINETD
       xinetd performs certain actions when it receives certain signals. The
       actions associated with the specific signals can be redefined by
       editing config.h and recompiling.

       SIGHUP    causes a hard reconfiguration, which means that xinetd
                 re-reads the configuration file and terminates the servers
                 for services that are no longer available. Access control is
                 performed again on running servers by checking the remote
                 location, access times and server instances. If the number of
                 server instances is lowered, some arbitrarily picked servers
                 will be killed to satisfy the limit; this will happen after
                 any servers are terminated because of failing the remote
                 location or access time checks. Also, if the INTERCEPT flag
                 was clear and is set, any running servers for that service
                 will be terminated; the purpose of this is to ensure that
                 after a hard reconfiguration there will be no running servers
                 that can accept packets from addresses that do not meet the
                 access control criteria.

       SIGQUIT   causes program termination.

       SIGTERM   terminates all running servers before terminating xinetd.

       SIGUSR1   causes an internal state dump (the default dump file is
                 /var/run/xinetd.dump; to change the filename, edit config.h
                 and recompile).

       SIGABRT   causes an internal consistency check to verify that the data
                 structures used by the program have not been corrupted. When
                 the check is completed xinetd will generate a message that
                 says if the check was successful or not.

       On reconfiguration the log files are closed and reopened. This allows
       removal of old log files.

FILES
       /etc/xinetd.conf      default configuration file
       /var/run/xinetd.dump  default dump file

SEE ALSO
       inetd(8), xinetd.conf(5), xinetd.log(5)
       http://cr.yp.to/daemontools.html

AUTHOR
       Panos Tsirigotis, CS Dept, University of Colorado, Boulder
       Rob Braun

PRONUNCIATION
       zy-net-d

                                 14 June 2001                        XINETD(8)