HPE Community
Operating System - HP-UX
1836604 Members
3248 Online
110102 Solutions
New Discussion

Re: inetd.sec: Why user still able to TELNET

 
Shukor
Frequent Advisor

‎01-17-2011 02:02 AM

‎01-17-2011 02:02 AM

inetd.sec: Why user still able to TELNET

Hi experts,

I want to deny user access (telnet) from this IP range 23.148.* to 11.11 server. I've edited inetd.sec but user still able to telnet. Please find details below.

OS: HP-UX B.11.11
inetd.sec line: telnet deny 23.148.*

# who -Hu |grep 23.148
tracking pts/tPd Jan 17 16:25 1:34 11209 23.148.2.28
gnstrack pts/t2e Jan 17 13:07 0:28 12651 23.148.2.26
gnstrack pts/tUf Jan 17 17:31 0:03 26447 23.148.2.17
gnstrack pts/tch Jan 17 13:19 0:26 18937 23.148.2.26
gnstrack pts/t5j Jan 17 16:54 . 27832 23.148.2.16

# last -R |grep 23.148 |more
gnstrack pts/tQn 23.148.2.27 Mon Jan 17 17:54 still logged in
gnstrack pts/ttw 23.148.2.26 Mon Jan 17 17:49 still logged in
gnstrack pts/tUf 23.148.2.17 Mon Jan 17 17:31 still logged in
gnstrack pts/tRq 23.148.2.19 Mon Jan 17 17:28 still logged in
gnstrack pts/trO 23.148.2.18 Mon Jan 17 17:23 still logged in


Kindly advise. Thanks in advance. :)

0 Kudos
14 REPLIES 14
nijokj
Trusted Contributor

‎01-17-2011 02:37 AM

‎01-17-2011 02:37 AM

Re: inetd.sec: Why user still able to TELNET

Customize the /var/adm/inetd.sec file to selectively allow or deny telnet access to various hosts on the network.

Telnet deny 23.148.*.*

After editing this file issue
inetd -c command

try these and let me know if you facing any issue.
0 Kudos
Manix
Honored Contributor

‎01-17-2011 02:40 AM

‎01-17-2011 02:40 AM

Re: inetd.sec: Why user still able to TELNET

Have you run "inetd -c"

Customize the /var/adm/inetd.sec file to selectively allow or deny telnet access to various hosts on the network.

Telnet deny 128.1.*.* 128.2.1-8.* host1 host2 host3 host4

After editing this file issue
inetd -c command
Continually monitor the syslog and /var/adm/btmp file for failed telnet login attemps.
HP-UX been always lovable - Mani Kalra
0 Kudos
Jose Mosquera
Honored Contributor

‎01-17-2011 02:44 AM

‎01-17-2011 02:44 AM

Re: inetd.sec: Why user still able to TELNET

Hi,

First try with specific full IP numbers to discard incorrect wildcards use.

Is doesnt work please review your last inetd commulative patch level, may neeeds update:
#swlist -l product | grep -i inet:
PHNE_xxxx - 1.0 inetd(1M) cumulative patch

Rgds.
0 Kudos
Shukor
Frequent Advisor

‎01-17-2011 04:56 PM

‎01-17-2011 04:56 PM

Re: inetd.sec: Why user still able to TELNET

Hi nijokj, Manix & Jose,

Good to see your response. I did as suggested (inetd -c after edit inetd -sec) but user still can access this morning.

# date
Tue Jan 18 08:39:23 MAL 2011
# who -Hu |grep 23.148 |more
gnstrack pts/tj Jan 18 07:32 1:01 12449 23.148.2.17
gnstrack pts/tI Jan 18 08:08 0:02 14411 23.148.2.19
gnstrack pts/t7b Jan 18 07:08 0:08 7789 23.148.2.19
gnstrack pts/tMc Jan 18 07:20 0:06 24491 23.148.2.17
gnstrack pts/tOc Jan 18 07:11 0:30 12739 23.148.43.173
gnstrack pts/tVc Jan 18 07:12 0:55 13654 23.148.2.29
gnstrack pts/tZc Jan 18 08:03 0:09 5488 23.148.2.18
gnstrack pts/tBd Jan 18 06:30 0:03 10151 23.148.2.18
gnstrack pts/t3d Jan 18 07:19 0:03 23213 23.148.2.29
gnstrack pts/t4d Jan 18 06:52 0:37 11414 23.148.2.19
gnstrack pts/t6d Jan 18 07:43 0:01 27730 23.148.2.27
gnstrack pts/tue Jan 18 07:21 0:18 26359 23.148.2.17
gnstrack pts/tGe Jan 18 08:07 0:24 12275 23.148.2.26
gnstrack pts/tHe Jan 18 08:07 0:15 12366 23.148.2.26
gnstrack pts/tWf Jan 18 06:35 0:08 17015 23.148.2.16
tracking pts/t7f Jan 18 08:09 . 15010 23.148.7.51

# swlist -l product | grep -i inet
PHNE_35017 1.0 inetd(1M) cumulative patch

Any other suggestion gentlements?

Thanks.
:(
0 Kudos
Mohammad Sanaullah
Frequent Advisor

‎01-17-2011 05:47 PM

‎01-17-2011 05:47 PM

Re: inetd.sec: Why user still able to TELNET

Hi
to disable telnet completely comment following line in /etc/inetd.conf

telnet stream tcp nowait root usr/lbin/telnetd telnetd

and after that restart the inetd service using inetd -c.

and for restrictive use of Telnet, follow:
inetd.sec line: telnet deny *
Restart inetd service by inetd -c.

Sana
Alive
0 Kudos
Shukor
Frequent Advisor

‎01-17-2011 07:34 PM

‎01-17-2011 07:34 PM

Re: inetd.sec: Why user still able to TELNET

Mohammad,

We don't want to completely disable the telnet service but to restrict access for certain user those coming from the abovesaid IP Address range. Anyway thanks!
0 Kudos
Shibin_2
Honored Contributor

‎01-17-2011 07:48 PM

‎01-17-2011 07:48 PM

Re: inetd.sec: Why user still able to TELNET

Your patch is outdated. Please apply the latest one PHNE_36202.
Regards
Shibin
0 Kudos
nijokj
Trusted Contributor

‎01-17-2011 10:40 PM

‎01-17-2011 10:40 PM

Re: inetd.sec: Why user still able to TELNET

Hi,

Did you checked in your inetd.sec file telnet allow is existing or not.
If exists system will ignore the telnet deny.

Note:-
allow|deny determines whether the list of remote hosts in the next
field is allowed or denied access to the specified service. Multiple
allow|deny lines for each service is unsupported. If there are
multiple allow|deny lines for a particular service, all but the last
line are ignored.
0 Kudos
Shukor
Frequent Advisor

‎01-18-2011 12:30 AM

‎01-18-2011 12:30 AM

Re: inetd.sec: Why user still able to TELNET

Hi Shibin,

I don't see any symptoms of the mentioned patch that related to this telnet issue. Please advise further on patching.

Hi nijokj,

The same IP Address is not exist in allow portion.

0 Kudos
Jose Mosquera
Honored Contributor

‎01-18-2011 12:54 AM

‎01-18-2011 12:54 AM

Re: inetd.sec: Why user still able to TELNET

Hi Shukor,

Have you made the single and full IP address test? Does Works?

In any case I've observe that PHNE_35017 have been superseded by PHNE_36202 resolving a lot of critical failures. Please check on:
http://www11.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_36202&sel={hpux:11.11,}&BC=main|search|

As you will see the new patch do not have patch dependencies.

Rgds.
0 Kudos
nijokj
Trusted Contributor

‎01-18-2011 01:27 AM

‎01-18-2011 01:27 AM

Re: inetd.sec: Why user still able to TELNET

Hi,
In case allow is there system will allow only those IP to telnet to this system, remaining IPs denid by dèfaut, Can you post your inetd.conf whole entries.
0 Kudos
ManojK_1
Valued Contributor

‎01-18-2011 01:54 AM

‎01-18-2011 01:54 AM

Re: inetd.sec: Why user still able to TELNET

Hi Shukur,

Can you please confirm that all these logins are through telnet.

Kill the logins from segment 23.148.2.0 and append the following entry in
/var/adm/inetd.sec and verify.

telnet deny 23.148.2.1-254



Manoj K
Thanks and Regards,
Manoj K
0 Kudos
Shukor
Frequent Advisor

‎01-18-2011 02:05 AM

‎01-18-2011 02:05 AM

Re: inetd.sec: Why user still able to TELNET

Hi,

I've removed all entry for telnet allow because too many and getting user to test again. Locally tested and it's worked (specified IP Address). Will update and assign point once Korea's user responded.



0 Kudos
Shukor
Frequent Advisor

‎01-18-2011 05:18 PM

‎01-18-2011 05:18 PM

Re: inetd.sec: Why user still able to TELNET

SOLUTION: Remove "telnet allow" portion and retain only "telnet deny" (telnet deny 23.148) in inetd.sec.

From the solution above, maybe I could say..don't put "telnet allow" and "telnet deny" together in inet.sec file.

Thanks everyone!! :)

Shukor
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.