topic Re: Limit Telnet Session in Operating System - HP-UX

Limit Telnet Session

MRSG — Wed, 09 Apr 2003 09:00:14 GMT

Hi,
I have been involved in tightening the security of our hpux boxes. One of the tasks is limiting telnet session.
What I have found couple of things on the forum is limiting telnet session using .profile(per user) and also using /etc/default/security file for system wide.
What I noticed is that when I use security file to limit telnet session (system wide) it does not affect for X windows (rexec) unless I change to telnet in X windows which is no use. Is there anyway how I can limit number of session on system wide rather modifying .profile of 100's of users if they are using X window and most of the users login remotely.
HP-UX version is 10.20, 11.00 and 11.11
Thanks very much for you input.
Cheers,
Harry.

Re: Limit Telnet Session

Pete Ellis — Wed, 09 Apr 2003 09:09:45 GMT

Do a man on inetd.sec, the file is in /var/adm You can also stop rexec all together in /etc/inetd.conf

Re: Limit Telnet Session

Pete Randall — Wed, 09 Apr 2003 09:10:34 GMT

If I understand correctly when you say X windows, you could limit the number of pty(s) available via the kernel paramter npty. This, obviously, would be on a system wide basis rather than per user.

Pete

Re: Limit Telnet Session

Balaji N — Wed, 09 Apr 2003 09:16:58 GMT

hi,
i guess there is no single way.

copy /usr/dt/config/Xstartup to /etc/dt/config and use it for controlling login session using X and /etc/profile for telnet logins.

hth
-balaji

Re: Limit Telnet Session

T G Manikandan — Wed, 09 Apr 2003 09:17:06 GMT

Look into the kernel parameters

npty -pseudo ttys system wide

nstrtel--telnet device files
system wide

This is one of the ways where you can restrict.

Re: Limit Telnet Session

Glenn Joseph Andal — Thu, 10 Apr 2003 01:43:54 GMT

Sir,

You can use ssh2 that are downloadable from the web. this is more secure than using telnet. aside from authentication you can also limit the device/user to access your servers.

thank you

Re: Limit Telnet Session

Steven E. Protter — Thu, 10 Apr 2003 02:37:16 GMT

You can limit telnet sessions the ways noted above. Or, you can stop using telnet.

I'm pasting in my entire link list of helpful security enhancing tools, like secure shell, mentioned above and a few other toys that will really help you out. Pay close attention to Bastille, its a real time saver.

Links:

security_patch_check: Checks your system and makes sure its up to date with security patches from HP
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

Required Perl install

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

Bastille: Security Hardening Tool

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

TCP Wrappers

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP

Secure Shell: a replacement for rcp ftp and telnet that encrypts passwords

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

IDS/9000 Intrusion Detection System which can track security breaches and attempted security breaches.

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

pam kerobos
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5849AA

Attached is Chris Vail's paper on how to set up passwordless services by exchanging public keys.

SEP