topic Re: telnet hpux in Operating System - HP-UX

telnet hpux

kacou — Tue, 27 May 2008 15:53:40 GMT

1- Is it possible to prevent all user to remoteconnect by telnet?
2- Is it possible to prevent the root to open two sections (or account) at the same moment?

Re: telnet hpux

Pete Randall — Tue, 27 May 2008 15:57:40 GMT

1. comment telnet out of /etc/inetd.conf (see man 4 inetd.conf for more information.

2. you could probably add some scripting to /etc/profile to count and limit the number of root logins.

Pete

Re: telnet hpux

Ivan Krastev — Tue, 27 May 2008 15:58:10 GMT

See /etc/default/security - http://docs.hp.com/en/B9106-90011/security.4.html

NOLOGIN
This parameter controls whether non-root login can be disabled by the /etc/nologin file.

NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the /etc/nologin file exists.

NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the /etc/nologin file exists.

Default value: NOLOGIN=0

For 2 - use wrapper script to count root login sessions.

regards,
ivan

Re: telnet hpux

Sp4admin — Tue, 27 May 2008 16:38:57 GMT

Hey Kacou,

You can turn off telnet in the /etc/inetd.conf file. On you second question I'm not sure.

sp.

Re: telnet hpux

Pete Randall — Tue, 27 May 2008 17:10:57 GMT

The "nologin" parameter of the security file will, I believe, prevent all non-root logins rather than just telnet. I don't think that was the intent.

Pete

Re: telnet hpux

kacou — Tue, 27 May 2008 17:17:51 GMT

Is it possible to prevent all user to remote connect by telnet or ssh? but i don't want to desable telnet or ssh

Re: telnet hpux

Patrick Wallek — Tue, 27 May 2008 17:24:21 GMT

>> Is it possible to prevent all user to remote connect by telnet or ssh?

Sure, just don't set up accounts for those users or disable their accounts.

Re: telnet hpux

kacou — Tue, 27 May 2008 17:49:05 GMT

what do you think about this parameter (NUMBER_OF_LOGINS_ALLOWED=0)in /etc/default/security?

Re: telnet hpux

Patrick Wallek — Tue, 27 May 2008 18:50:16 GMT

Did you read the man page to see what that option means? If not, you should as it is very informative and you can form your own opinion.

# man security

Re: telnet hpux

Sajjad Sahir — Wed, 28 May 2008 09:42:15 GMT

Dear Kacout

put # symbol in front of telnet in /etc/inetd.conf file once u made changes
run inetd -c command

Re: telnet hpux

Syed Nazer Abbas — Wed, 28 May 2008 10:29:42 GMT

1-/etc/nologin create the file and only one root user can login.

Re: telnet hpux

kacou — Wed, 28 May 2008 10:47:03 GMT

It is just two persons that I want to forbid , not all users.

Re: telnet hpux

Pete Randall — Wed, 28 May 2008 10:56:08 GMT

Are these two persons supposed to be able to log in by any other means other than telnet or ssh? If not, then Patrick hit the nail on the head - remove or lock their accounts and they will not be able to log in at all.

Another possibility is to have a global login script like /etc/profile, which would have code in it to reject these users' login attempts.

Pete

Re: telnet hpux

kacou — Wed, 28 May 2008 11:06:05 GMT

the two users must log using another acount and do ''su''.

Re: telnet hpux

Syed Nazer Abbas — Thu, 29 May 2008 05:04:41 GMT

well you can lock the user account.. vipw and put # on start of the username then that user will be unable to login to system.

Re: telnet hpux

kacou — Thu, 29 May 2008 08:04:44 GMT

HI SIED NAZER,

I have make as you said. but this user can't do ''su'' to log himself even if he logs at first by the root.

Re: telnet hpux

Dennis Handly — Thu, 29 May 2008 08:29:38 GMT

>Syed: well you can lock the user account. vipw and put # on start of the username then that user will be unable to login to system.

This doesn't lock the user, it renames the user to "#whatever".

If you want to lock the user, you put a "*" before their password field.

Re: telnet hpux

kacou — Thu, 29 May 2008 08:37:51 GMT

On the other hand I can not use 'su'. How can i resolve that?

Re: telnet hpux

Dennis Handly — Thu, 29 May 2008 08:41:37 GMT

>On the other hand I can not use 'su'. How can I resolve that?

su works fine to "*" out users. At least on a non-trusted system.

Re: telnet hpux

Torsten. — Thu, 29 May 2008 08:42:36 GMT

"I can not use 'su'"

Do you get any message?