HPE Community
Operating System - HP-UX
1838263 Members
3578 Online
110125 Solutions
New Discussion

How to deny telnet access

 
SOLVED
Go to solution
Preet Dhillon
Advisor

‎08-06-2001 05:14 AM

‎08-06-2001 05:14 AM

How to deny telnet access

I want to deny a user called 'pine' telnet access to my HP-UX server.
I've edited /var/adm/inetd.sec to include the following line :
telnet deny pine
and then initialised the inetd daemon using inetd -c.
BUT when I try telnet to this server as the pine user, it STILL allows telnet access!
Does anyone know why?
Many thanks in advance :-)
Nothing succeeds like excess
0 Kudos
Reply
7 REPLIES 7
James R. Ferguson
Acclaimed Contributor

‎08-06-2001 05:28 AM

‎08-06-2001 05:28 AM

Solution

Re: How to deny telnet access

Hi Preet:

/var/adm/inetd.sec holds 'hostnames' (or IPaddresses) *not* user names for allowing or denying services.

...JRF...
Reply
Stefan Farrelly
Honored Contributor

‎08-06-2001 05:28 AM

‎08-06-2001 05:28 AM

Re: How to deny telnet access


/var/adm/inetd.sec is really for denying network access - via ip, not per user.

If you want to deny by user you will need to add some scripting to either /etc/profile or the users .profile.
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
Magdi KAMAL
Respected Contributor

‎08-06-2001 05:50 AM

‎08-06-2001 05:50 AM

Re: How to deny telnet access

Hi Preet,

The syntaxe of the file /var/adm/inetd.sec is as follow :



example :
telnetd denny 132.141.15.3

This will denny access to telnetd process by ALL connections comming from server identified by address 132.141.15.3.

You may filter the user that you want to denny access by codding in the /etc/profile file.

Magdi
Reply
Magdi KAMAL
Respected Contributor

‎08-06-2001 05:58 AM

‎08-06-2001 05:58 AM

Re: How to deny telnet access

Hi again Preet,

you may code in the /etc/profile file the following test :

if [ $LOGNAME = 'badUser' ]
then
exit 1
fi


I tried it and it works fine giving the following message :

Connection closed by foreign host.

Magdi
Reply
Joseph C. Denman
Honored Contributor

‎08-06-2001 06:32 AM

‎08-06-2001 06:32 AM

Re: How to deny telnet access

You can also take away his shell so he cannot telnet.

echo "exit 1" > /usr/bin/false
chmod 555 /usr/bin/false

Modify the user's shell as /usr/bin/false.

The user will not be able to telnet but will still be able to ftp.

Hope this helps.

...jcd...
If I had only read the instructions first??
Reply
Ralf Hildebrandt
Valued Contributor

‎08-06-2001 08:48 AM

‎08-06-2001 08:48 AM

Re: How to deny telnet access

If you want to do this on a per user level, you need to use tcp_wrappers instead of inetd.sec ...
You can get it at
ftp://ftp.porcupine.org/pub/security/index.html
Postfix/BIND/Security/IDS/Scanner, you name it...
Reply
Deshpande Prashant
Honored Contributor

‎08-06-2001 09:07 AM

‎08-06-2001 09:07 AM

Re: How to deny telnet access

HI
Dening telnet access will need to be done through little scripting in /etc/profile file.
Alternatively change the user shell to /usr/bin/false to restrict user to only ftp.

inetd.sec file will help you to restict access by IP addresses/host names.

Thanks.
Prashant
Take it as it comes.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.