topic Re: Login in Operating System - HP-UX

Login

Eric Jacklin — Tue, 01 May 2007 00:48:24 GMT

Hi

When i am doing a telnet to my system it is showing following message before login prompt.
"HP-UX Hostname B.11.11 U 9000/800 (tb)"

But security point of view it should not be happend so please let me know how should i change this and normally instade of this message what should i put ?

Re: Login

Peter Godron — Tue, 01 May 2007 02:14:46 GMT

Hi,
have you checked the file /etc/inetd.conf .
Look for the telnet line, which would call a file.

You may want to look at this similar thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=223757

Please read:
http://66.34.90.71/ITRCForumsEtiquette/after.html

Please also read:
http://forums1.itrc.hp.com/service/forums/helptips.do?#33
on how to reward any useful answers given to your questions.

So far you have rewarded only 7 of 45 answers !

Re: Login

spex — Tue, 01 May 2007 07:35:21 GMT

>But security point of view it should not be
>happend so please let me know how should i
>change this and normally instade of this
>message what should i put ?

From a security point of view, you shouldn't be running telnet at all. All network traffic, including passwords, is transmitted in cleartext.

PCS

Re: Login

Marco A. — Tue, 01 May 2007 07:59:49 GMT

Hello,

You can check for that at the following files.

/etc/motd
/etc/profile or $HOME/.profile , but actually I believe that these two option are the right for you.

Try that, and let us know your results trying to enter to the system again.

Marc0

Re: Login

Marco A. — Tue, 01 May 2007 08:11:07 GMT

Check this out.

At the end of my "/root/.profile" you can see the following. :

# Set up shell variables:

MAIL=/var/mail/root
# don't export, so only login shell checks.

echo "WARNING: YOU ARE SUPERUSER !!\n"
export HISTFILE=/root/.sh_history
export HISTSIZE=3000
umask 022
PS1=`id -un`'@'`hostname`:'${PWD##//}> '

----------------
Probably you have something like that with that message in your .profile file.

Regards,

MArc0

Re: Login

Pete Randall — Tue, 01 May 2007 08:23:46 GMT

Check the /etc/copyright file, which is cat'd in /etc/profile.

Pete

Re: Login

Marco A. — Tue, 01 May 2007 08:44:37 GMT

Hello John,

Actually I see that the banner you say could not be removed and is part of the system.

http://docs.hp.com/en/5991-6482/ch03s10.html

AFTER logged into the system, you can see reflected the other banner such as /etc/motd, /etc/issue, /etc/copyright , and the .profile files.

I believe that info cannot be remove it from there.

Regards.

Re: Login

Marco A. — Tue, 01 May 2007 08:47:53 GMT

Well...., I'm talking about telnet..., telnet shows that..., if you connect to the server using ssh you will not see that, so ...I think that maybe modifying the /etc/inetd.conf file or something like that you could achieve that, but ssh doesn't show that.

Marc0

Re: Login

OldSchool — Tue, 01 May 2007 09:19:11 GMT

ok. this msg :
"HP-UX Hostname B.11.11 U 9000/800 (tb)"
is the default for telnet

to remove it do the following:
a) create a file containing whatever you want this to say instead of the above msg. this file *can* be empty if desired. for this example, we're going to call it "/etc/blankfile"

b) edit /etc/inetd.conf. find the line w/ telnetd. you need to add
"-b /etc/blankfile" to the end so that it looks like this:
telnet stream tcp nowait root /usr/lbin/telnetd
telnetd -b /etc/blankfile

c) restart inetd running
"/usr/sbin/inetd -c"

the offending message should be gone

Re: Login

Marco A. — Tue, 01 May 2007 09:24:45 GMT

wow..., was close!!! =), good tip partner .., I knew that the inetd file was in the issue but don't knew what to change on it...

Thanks!

Re: Login

Bill Hassell — Tue, 01 May 2007 12:32:42 GMT

The line you are seeing with telnet is the file /etc/issue. NONE of the other files mentioned (/etc/motd, /etc/copyright, etc) are seen until after the login has been completed. Yes, you are absolutely correct that this is a security issue. Without any authentication at all, this file has provided the name of the OS, the hostname and the revision of the OS, all very useful to a hacker.

First, immediately change the /etc/issue file to nothing more than an identifier of the system, perhaps an alias or maybe just your company name -- nothing more.

Now, edit /etc/inetd.conf and make sure that telnet and rlogin have the /etc/issue file explicitly stated:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue
login stream tcp nowait root /usr/lbin/rlogind rlogind -B /etc/issue

It's important to note that if you do NOT specify the -b or -B option for these commands, they will use the default which looks like what you are seeing. Also, /etc/issue right out of the box looks like this:

GenericSysName [HP Release B.11.11] (see /etc/issue)

not a good choice. Once you change /etc/issue and inetd.conf, run inetd -c to re-read the file and tail syslog.log to make sure the changes were seen. Now, the no-login information will be secure.

NOTE: You certainly can put a blank line in /etc/issue but then it's tricky to figure out if you have connected to the right machine. And if you do not use ssh, worrying about /etc/issue is just rearranging deck chairs on the Titanic.