- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- disable ftp and telnet
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-19-2011 11:38 PM
тАО03-19-2011 11:38 PM
I wan to completely disable telnet and ftp command in my HP-UX (11.11).
I have commented ftp and telnet line in /etc/inetd.conf and run inetd -c
It's working fine, other system can't telnet and ftp to my server.
But the problem is I still can do ftp and telnet to outside my server, how to disable the telnet and ftp so other user will not use telnet and ftp.
Please dont tel me to remove the telnet and ftp command :D
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-19-2011 11:56 PM
тАО03-19-2011 11:56 PM
Re: disable ftp and telnet
why do you want to disable telnet and ftp to the outside ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-20-2011 12:39 AM
тАО03-20-2011 12:39 AM
Re: disable ftp and telnet
Thanks for your response.
Actually my server is useing for data warehouse, files comes in and out very intensively.
I wan to do offline backup for all mountpoints, so I need to stop ftp to make sure there is no file coming from other system.
But I realize it's still possible for user to get file from other system using ftp from my server.
Btw I also have disable sftp from outside, but still can sftp to other system from my server. I want to disable it too.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-20-2011 04:34 AM
тАО03-20-2011 04:34 AM
Re: disable ftp and telnet
what software do you use for datawarehouse ? is information is stored as files ? it should be oracle, etc. i think. it's enough to shutdown oracle while the backup process.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-20-2011 04:59 AM
тАО03-20-2011 04:59 AM
Re: disable ftp and telnet
ftp & telnet.
Thanks
Manix
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-20-2011 07:32 AM
тАО03-20-2011 07:32 AM
SolutionFor example:
groupadd telftp
usermod -G telftp yunardi #(or use sam)
chgrp telftp /usr/bin/ftp /usr/bin/telnet
chmod o-rx /usr/bin/ftp /usr/bin/telnet
NOTE: if you install patches or run "swverify -F", the default permissions will be restored to /usr/bin/ftp and /usr/bin/telnet, so you'll have to re-apply the chgrp and chmod commands afterwards.
To stop your users from making changes while offline backup is running, you might want to completely prevent non-root logins for the time of the backup.
Make sure /etc/default/security has NOLOGIN=1, then create file /etc/nologin before starting the backup and remove it after the backup is complete. While the file exists, no non-root logins will be accepted.
The contents of the /etc/nologin file will be displayed to the user attempting to log in, so you might want to write something like "Logins disabled because of offline backup. The backup is estimated to be complete at HH:MM".
After creating the nologin file, kick out the existing sessions of the other users, and you can be certain no user can interfere with your backup.
Of course, if your system runs an application that runs file transfers based on its own internal scheduling system, you must stop the application or do something else to stop its scheduling system from triggering. If you have allowed your users to create cron or at jobs, stopping the cron daemon would be a possible brute-force method to prevent them from running.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-20-2011 06:23 PM
тАО03-20-2011 06:23 PM
Re: disable ftp and telnet
(the trafic more than 100GB/day uploaded into 30TB of database)
@matti, This seemed a good idea, I'll try to do this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-20-2011 07:00 PM
тАО03-20-2011 07:00 PM
Re: disable ftp and telnet
Do you want to disable the telenet and ftp completely from ur server to outside server, then why no remove the telnet and ftp command ?? [BAD solution]
but it actually depend on the telentd daemon running on remote server it has nothing to do with your server.
Or you can use sudo and don users to use telnet and ftp command.
BR,
Kapil+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-20-2011 07:51 PM
тАО03-20-2011 07:51 PM
Re: disable ftp and telnet
The bastille product is meant as a general purpose security managment tool. IT will ask you a series of questions and then implement the security policy around the questions.
You can undo the changes with 1 command and redo the changes. The good thing is if you have multiple systems you can then move a config file over to another system and it will be locked down the same as the first.