HPE Community
Operating System - HP-UX
1833867 Members
2420 Online
110063 Solutions
New Discussion

Re: how to disable and enable rlogin and CDE

 
SOLVED
Go to solution
Nguyen Anh Tien
Honored Contributor

‎10-13-2004 05:15 PM

‎10-13-2004 05:15 PM

how to disable and enable rlogin and CDE

Hi all.
I want disbale rlogin and CDE login fron specify IP or subnet on HPUX 11i.
Pls tell me how?
Thank
HP is simple
0 Kudos
Reply
4 REPLIES 4
Sridhar Bhaskarla
Honored Contributor

‎10-13-2004 05:25 PM

‎10-13-2004 05:25 PM

Solution

Re: how to disable and enable rlogin and CDE

Hi,

rlogin can be easily disabled using /var/adm/inetd.sec file. Just specify the IP addresses/subnets that you want to allow. You will need to use 'login' as that is the service that allows rlogin. If you want to disable, remsh, rexec, then add 'shell' and 'exec' also. Examples are there in the file itself.

For CDE, I believe you meant X-window emulations. For that you will need to configure /etc/dt/config/Xaccess (copy one from /usr/dt/config directory) and add the lines like

!remotesys.yourdomian.com
!subdomain.yourdomain.com

to disallow access for remotesys and all the systems from subdomain.yourdomain.com domain. It shoudl have some examples already. Reset dtconfig to refresh this configuration '/usr/dt/bin/dtconfig -reset'

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-13-2004 05:27 PM

‎10-13-2004 05:27 PM

Re: how to disable and enable rlogin and CDE

Hi (Again),

For inetd.sec file, you will need to refresh inetd configuration using 'inetd -c' command to make the changes into effect.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Petr Simik_1
Valued Contributor

‎10-14-2004 02:32 AM

‎10-14-2004 02:32 AM

Re: how to disable and enable rlogin and CDE

1. disabling CDE entirely:
#/sbin/init.d/dtlogin.rc stop
#vi /etc/rc.config.d/desktop
DESKTOP=""

2. you may restrict CDE to selected hosts:
#vi /etc/dt/config/Xaccess
host1
host2
*.domain.com
!*
#/sbin/init.d/dtlogin.rc reset

3. you may prevent direct root login via CDE
#vi /etc/dt/config/Xstartup (or cp from /usr/dt...)
(add folowing at the end of file)
if [ $(id-u ) = 0 ]; then
exit 1
fi





0 Kudos
Reply
Petr Simik_1
Valued Contributor

‎10-14-2004 02:45 AM

‎10-14-2004 02:45 AM

Re: how to disable and enable rlogin and CDE

regardin access from specified hosts you can use tcpwrapper


than define /etc/hosts.allow - to determine if the client is explicitly allowed access if no than /etc/hosts.deny to determine if client is explicitly denied access


Sample:
#/etc/hosts.deny
ALL :ALL - allow all hosts access all services



for more info see
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCPWRAP
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.