Preventing users from logging into a unix box

From: Pete Turnbull <pete_at_dunnington.u-net.com>
Date: Thu Apr 19 17:01:55 2001

On Apr 19, 13:21, healyzh_at_aracnet.com wrote:
> > > I have a Solaris 2.6 Ultra-10 at work and I want to prevent users
> > > from logging into my machine. I don't want
> > > to run in single-user mode. Is there a way to disable rlogin or
> > > telnet over to my machine?
> >
> > Edit /etc/inetd.conf and comment out the shell, login, exec, telnet and
> > ftp lines. As a matter of fact, comment everything else out as well.
> >
> > Eric
>
> Comment everything out and the question becomes, is the box still usable?
>
> Also it may be desirable to leave either telnet or ssh running, but move
> them to a non-standard port. That way he can access his own system
> remotely.

Security by obscurity is no security at all. OK, in this case it may be
more a question of convenience, but if Ram has the access (ie, access to
the root account) to do all these things, he would be better to either do
as Gene suggested and "touch /etc/nologin" (or put some text in it: the
contents are printed by login before it closes the connection), or to do it
properly and run tcpwrappers, with suitably set up /etc/hosts.allow and
/etc/hosts.deny files -- then he can control who can connect, from where,
and using which protocols (telnet, rlogin, rsh/rcp, ftp, ssh, etc).

If you *are* thinking of security, remember that inetd only controls some
network services -- some, like SMTP, HTTP, SNMP and others, normally run as
daemons in their own right.

-- 
Pete						Peter Turnbull
						Network Manager
						Dept. of Computer Science
						University of York
Received on Thu Apr 19 2001 - 17:01:55 BST
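
Added example, not part of the original message: a small check of which inetd.conf entries are still enabled after the edit suggested in the thread, flagging the shell, login, exec, telnet and ftp lines. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit an inetd.conf-format file: which services are still enabled, and
# which of the remote-access ones named in the thread remain uncommented.

# Print "service/protocol" for every entry that is not commented out.
# A valid entry has at least six fields (internal services have no argv).
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Print only the enabled entries among shell, login, exec, telnet and ftp.
remote_login_services() {
    enabled_services "$1" | awk -F/ '
        $1 == "shell" || $1 == "login" || $1 == "exec" ||
        $1 == "telnet" || $1 == "ftp" { print $1 }'
}

# Constructed sample in inetd.conf format (not taken from a real host):
# the r-services are commented out, ftp and telnet were left enabled.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# service socket proto wait user server args
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
#login  stream  tcp     nowait  root    /usr/sbin/in.rlogind    in.rlogind
#exec   stream  tcp     nowait  root    /usr/sbin/in.rexecd     in.rexecd
time    dgram   udp     wait    root    internal
EOF

echo "Enabled inetd services:"
enabled_services "$SAMPLE"
echo "Remote-access services still enabled:"
remote_login_services "$SAMPLE"
```

Point the functions at /etc/inetd.conf on the real host. inetd only rereads the file when it is sent a HUP signal, and as noted above this check says nothing about daemons that run outside inetd.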
