Preventing users from logging into a unix box

From: Ram Meenakshisundaram <rmeenaks_at_olf.com>
Date: Thu Apr 19 17:15:42 2001

Pete Turnbull wrote:

> Security by obscurity is no security at all. OK, in this case it may be
> more a question of convenience, but if Ram has the access (ie, access to
> the root account) to do all these things, he would be better to either do
> as Gene suggested and "touch /etc/nologin" (or put some text in it: the
> contents are printed by login before it closes the connection), or to do it
> properly and run tcpwrappers, with suitably set up /etc/hosts.allow and
> /etc/hosts.deny files -- then he can control who can connect, from where,
> and using which protocols (telnet, rlogin, rsh/rcp, ftp, ssh, etc).
>
> If you *are* thinking of security, remember that inetd only controls some
> network services -- some, like SMTP, HTTP, SNMP and others, normally run as
> daemons in their own right.
>

I forgot about tcpwrappers. Haven't used that in years. We used this on our
internet gateway. This isn't about security, but to prevent annoying
developers who bog down my machine (and doing so prevent me from developing
my applications). The inetd solution is very quick and easy for me.
Installing tcpwrappers and managing that would be way too much work for me.
But thanks for the suggestion....

Ram

One happy camper....

--
       ,,,,
       /'^'\
      ( o o )
 -oOOO--(_)--OOOo-------------------------------------
|                        Ram Meenakshisundaram        |
|                        Senior Software Engineer     |
|                        OpenLink Financial Inc       |
|  .oooO                 Phone: (516) 227-6600 x267   |
|  (   )   Oooo.         Email: rmeenaks_at_olf.com      |
 ---\ (----(   )--------------------------------------
     \_)    ) /
           (_/
Received on Thu Apr 19 2001 - 17:15:42 BST
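
The /etc/hosts.allow and /etc/hosts.deny check mentioned in the quoted reply, as an added example that is not part of the original post and not tcp_wrappers' own code. It is a simplified Python model of the evaluation order (hosts.allow first, then hosts.deny, otherwise access is granted) covering only ALL, exact, leading-dot domain and trailing-dot network patterns; the rule sets, daemon names, host names and addresses are constructed.

```python
import re

# Constructed rule sets; daemon names, hosts and addresses are placeholders.
HOSTS_ALLOW = """
# daemon_list : client_list
in.telnetd, in.rlogind : 192.168.1.10
sshd : 192.168.1. .dev.example.com
"""
HOSTS_DENY = "ALL : ALL\n"

def parse(text):
    """Return [(daemons, clients)] from hosts.allow/hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")  # an optional third field (shell command) is ignored
        daemons = re.split(r"[,\s]+", fields[0].strip())
        clients = re.split(r"[,\s]+", fields[1].strip())
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .dev.example.com
        return host.endswith(pattern)
    if pattern.endswith("."):        # network prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern in (host, addr)   # exact host name or address

def file_matches(text, daemon, host, addr):
    for daemons, clients in parse(text):
        if "ALL" in daemons or daemon in daemons:
            if any(client_matches(p, host, addr) for p in clients):
                return True
    return False

def allowed(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if file_matches(allow, daemon, host, addr):
        return True                  # hosts.allow is consulted first
    if file_matches(deny, daemon, host, addr):
        return False
    return True                      # no match in either file: access is granted
```

The last branch is the one to remember: without a catch-all such as `ALL : ALL` in hosts.deny, any client not listed anywhere is let through.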
