pgrep inetd shows the process and pkill -HUP inetd reloads it.
It is necessary to inform inetd, because it starts the service daemons in inetd.conf on demand. -1 should be identical to -HUP
When the fingerd service is disabled the finger command works nevertheless. But a remote finger @thishost does not get any data from this host.
This User Gave Thanks to MadeInGermany For This Post:
Location: Asia Pacific, Cyberspace, in the Dark Dystopia
Posts: 19,118
Thanks Given: 2,351
Thanked 3,359 Times in 1,878 Posts
Here is how I have made sure telnetd is not available:
Code:
ubuntu# find / -name telnetd
ubuntu#
That's very secure for telnetd ....
Here is how I secure fingerd:
Code:
ubuntu# find / -name fingerd
ubuntu#
That's very secure for fingerd ...
On production servers, I do not rely on configuration files for security when there are more secure ways to do things, especially when it comes to commands which can be used to exploit the system. It's easy to make a mistake in a config file, or even have some errand process overwrite one.
However, when the "not needs command" are off the server, it is really better.... if you really care about security.
For curl, for example (which I need from time to time), I have a wrapper:
Then, the PHP script above just logs as much details as it can (and does not call curl) ..... Because I have seen way too much malware attempting to use curl to download malicious code.
Of course, you don't need PHP do to this... but that is what I use to wrap, generally speaking, because I like logging the built in HTTPD globals vars.
When I need curl, I call it with a totally different name.
The more simple you secure you system (remove unneeded insecure commands, remove default names of exploitable commands, add more logging), the more secure your system will be.
At least, that is what I do..... and it works very well.
I have been instructed to disable the finger service for our Solaris 10 box. However when I input #svcadm disable finger I receive: "svcadm: Pattern 'finger' does not match any instances. I have also tried to edit the inetd config file and comment out the finger part but Solaris has basically... (14 Replies)
I have a bunch of Solaris systems and for the 8/9 systems, I can type "finger -s 2" to get a list of all users (whether they are logged in or not) and the last time they logged in. I have some new 10 systems and this command does not work. Does anybody know whether this was changed in Solaris 10?... (6 Replies)
I need to change the security on our AIX servers and disable telnet from all but certain IP addresses.
I have hashed the telnet line in /etc/inetd.conf and added filter rules for those IP adds to allow access on port 23, but this didn't work.
Does anyone have any ideas?
Thanks. (2 Replies)
On Solaris 8 is there anyway to disable telnet for a particular user and not for entire system altogether?
I would like the user to retain a shell and so creating a noshell like ftp account is not an option. (14 Replies)
Hi...
How do I enable SSH and disable telnet..
Also - is there anything special I need to do to ensure that a new user can use ssh and su but not telnet?
Adel (15 Replies)
Hi All,
I want to disable telnet on the startup of solaris 8-10 but still wants for a standby purposes. In case I need to troubleshoot ssh, I can connect thru telnet.
Most solution on the internet is to permanently removed it.
Best Regards,
itik (5 Replies)
Hi,
Can someone help me how I can disable telnet timeout? I'm connecting remotely to some machines and after some time my telnet connection was closed. How can I disable this so that I'm always connected to those machines? Thanks! (2 Replies)
Hello all,
Here is what I am trying to do. If a user exist, then send an echo "EXIST" or else "DOES NOT EXIST". (under HP-UX)
Kind of:
#!/usr/bin/sh
USER=mylogin
finger $USER
if $? = 0
then
echo "EXIST""
else
echo "DOES NOT EXIST"
fi (10 Replies)
11-01-2019
