Operating System - HP-UX

Re: Denying host access or telnet from specific IP address

 
ShivKumar_1
Frequent Advisor

Denying host access or telnet from specific IP address

Hi guys,
I want the users to be able to telnet to my production box only from a specific IP range. My local IP is 157.226.0.0, so in other words anyone who is outside that range should not be able to access the boxes.
We have other branch offices which are on a different IP range, like 162.0.0.0, so my aim is to restrict those users.

Any thoughts on how this can be done would be appreciated.

Thanks
--SK
6 REPLIES 6
Uday_S_Ankolekar
Honored Contributor
Solution

Re: Denying host access or telnet from specific IP address

This can be done by configuring the /var/adm/inetd.sec file.
In this file you can control access to specific services like telnet, login shell, ftp etc. by either IP address, network or hostname.

-USA..
Good Luck..
ShivKumar_1
Frequent Advisor

Re: Denying host access or telnet from specific IP address

Hi Uday,
Thanks for the response. Can you give me the syntax that can be put in that file, so that some IP addresses are denied, like
168.0.0.1 (in my case)?

Also, on some other boxes I would like to trap users who log on from that IP address range. My systems are not trusted and auditing is not turned on; what's the way of trapping logins from a specific IP address range?

--SK
Alzhy
Honored Contributor

Re: Denying host access or telnet from specific IP address

Use TCPWRAPPERS. And here's the HP Supported Version:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCPWRAP

Follows allow and deny methodologies for any inetd controlled daemons...


Hakuna Matata.
Helen French
Honored Contributor

Re: Denying host access or telnet from specific IP address

For finding out the syntax of inetd.sec file, read the file itself:

# cat /var/adm/inetd.sec

This file has examples in it which show you the right syntax. Also, for more information:

# man 4 inetd.sec
Life is a promise, fulfill it!
Geoff Wild
Honored Contributor

Re: Denying host access or telnet from specific IP address

# The form for each entry in this file is:
#
#
#

To Edit the /var/adm/inetd.sec File

The /var/adm/inetd.sec file is a security file that inetd reads to determine which remote hosts are allowed access to the services on your host. The inetd.sec file is optional; you do not need it to run the Internet Services.

You can use either a text editor or SAM to edit the inetd.sec file. SAM (System Administration Manager) is Hewlett-Packard's windows-based user interface for performing system administration tasks. To run SAM, type sam at the HP-UX prompt. SAM has an extensive online help facility.

If the /var/adm/inetd.sec file does not exist on your host, copy /usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.

Create one line in inetd.sec for each service to which you want to restrict access. Do not create more than one line for any service.

Each line in the /var/adm/inetd.sec file has the following syntax:


service_name {allow} host_specifier [host_specifier...]
             {deny}


where service_name is the first field in an entry in the /etc/inetd.conf file, and host_specifier is a host name, IP address, IP address range, or the wildcard character (*).

Make sure the /var/adm/inetd.sec file is owned by user root and group other, and make sure its permissions are set to 0444 (-r--r--r--).

Following are some example lines from an inetd.sec file:

login allow 10.*
shell deny vandal hun
tftp deny *

The first example allows access to rlogin from any IP address beginning with 10. The second example denies access to remsh and rcp from hosts vandal and hun. The third example denies everyone access to tftp.

Only the services configured in /etc/inetd.conf can be configured in /var/adm/inetd.sec.

For more information, type man 4 inetd.sec or man 1M inetd.



Also see the following:

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B3921-90010/B3921-90010_top.html&con=/hpux/onlinedocs/B3921-90010/00/19/1947-con.html&toc=/hpux/onlinedocs/B3921-90010/00/19/1947-toc.html&searchterms=inetd.sec&queryid=20031117-143544


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
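
An added example, not part of any post in this thread and not HP's inetd code: a small Python model of the inetd.sec syntax quoted above, useful for checking which source addresses a draft file would admit before installing it. Assumptions: an allow line admits only the listed specifiers, a deny line rejects only the listed ones, a short specifier such as 157.226.* leaves the remaining octets open, and host names (vandal, hun) are not resolved; the function names and the sample addresses other than 168.0.0.1 are constructed for illustration.

```python
# Added example: simplified model of inetd.sec matching, not HP's inetd code.
# Constructed sample: the first line is the rule the question asks for,
# the other two are copied from the examples quoted in the thread.
SAMPLE = """\
telnet allow 157.226.*
shell  deny  vandal hun
tftp   deny  *
"""

def parse(text):
    """Return ({service: (action, [host_specifiers])}, [services listed twice])."""
    rules, dups = {}, []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[1] not in ("allow", "deny"):
            continue  # blank, comment, or no allow/deny keyword: no restriction
        if words[0] in rules:
            dups.append(words[0])  # the thread says one line per service; flag it
            continue
        rules[words[0]] = (words[1], words[2:])
    return rules, dups

def field_matches(pattern, octet):
    """One address field: '*', a number, or a 'low-high' range."""
    if pattern == "*":
        return True
    low, _, high = pattern.partition("-")
    if not low.isdigit() or (high and not high.isdigit()):
        return False
    return int(low) <= octet <= int(high or low)

def spec_matches(spec, ip):
    """Assumption: a short specifier such as '10.*' leaves later octets open."""
    fields = spec.split(".")
    if len(fields) > 4 or not all(f == "*" or f[:1].isdigit() for f in fields):
        return False  # host names are not resolved in this model
    octets = [int(o) for o in ip.split(".")]
    return all(field_matches(f, o) for f, o in zip(fields, octets))

def allowed(rules, service, ip):
    """Assumed semantics: 'allow' admits only matches, 'deny' rejects only matches."""
    if service not in rules:
        return True  # service not listed: no restriction applied
    action, specs = rules[service]
    hit = any(spec_matches(s, ip) for s in specs)
    return hit if action == "allow" else not hit

if __name__ == "__main__":
    rules, dups = parse(SAMPLE)
    for ip in ("157.226.14.9", "162.10.1.1", "168.0.0.1"):  # constructed addresses
        print(ip, "telnet", "allowed" if allowed(rules, "telnet", ip) else "denied")
    print("duplicate service lines:", dups)
```

Under these assumptions a single allow line for the local range is enough to shut out the branch-office ranges, so no separate deny line for telnet is needed (and a second telnet line would be flagged as a duplicate).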
ShivKumar_1
Frequent Advisor

Re: Denying host access or telnet from specific IP address

Hi guys
Thanks for the response. I will try out the options suggested by everyone.


--SK