- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: inetd.sec: Why user still able to TELNET
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 02:02 AM
01-17-2011 02:02 AM
inetd.sec: Why user still able to TELNET
I want to deny user access (telnet) from this IP range 23.148.* to 11.11 server. I've edited inetd.sec but user still able to telnet. Please find details below.
OS: HP-UX B.11.11
inetd.sec line: telnet deny 23.148.*
# who -Hu |grep 23.148
tracking pts/tPd Jan 17 16:25 1:34 11209 23.148.2.28
gnstrack pts/t2e Jan 17 13:07 0:28 12651 23.148.2.26
gnstrack pts/tUf Jan 17 17:31 0:03 26447 23.148.2.17
gnstrack pts/tch Jan 17 13:19 0:26 18937 23.148.2.26
gnstrack pts/t5j Jan 17 16:54 . 27832 23.148.2.16
# last -R |grep 23.148 |more
gnstrack pts/tQn 23.148.2.27 Mon Jan 17 17:54 still logged in
gnstrack pts/ttw 23.148.2.26 Mon Jan 17 17:49 still logged in
gnstrack pts/tUf 23.148.2.17 Mon Jan 17 17:31 still logged in
gnstrack pts/tRq 23.148.2.19 Mon Jan 17 17:28 still logged in
gnstrack pts/trO 23.148.2.18 Mon Jan 17 17:23 still logged in
Kindly advise. Thanks in advance. :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 02:37 AM
01-17-2011 02:37 AM
Re: inetd.sec: Why user still able to TELNET
Telnet deny 23.148.*.*
After editing this file issue
inetd -c command
try these and let me know if you facing any issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 02:40 AM
01-17-2011 02:40 AM
Re: inetd.sec: Why user still able to TELNET
Customize the /var/adm/inetd.sec file to selectively allow or deny telnet access to various hosts on the network.
Telnet deny 128.1.*.* 128.2.1-8.* host1 host2 host3 host4
After editing this file issue
inetd -c command
Continually monitor the syslog and /var/adm/btmp file for failed telnet login attemps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 02:44 AM
01-17-2011 02:44 AM
Re: inetd.sec: Why user still able to TELNET
First try with specific full IP numbers to discard incorrect wildcards use.
Is doesnt work please review your last inetd commulative patch level, may neeeds update:
#swlist -l product | grep -i inet:
PHNE_xxxx - 1.0 inetd(1M) cumulative patch
Rgds.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 04:56 PM
01-17-2011 04:56 PM
Re: inetd.sec: Why user still able to TELNET
Good to see your response. I did as suggested (inetd -c after edit inetd -sec) but user still can access this morning.
# date
Tue Jan 18 08:39:23 MAL 2011
# who -Hu |grep 23.148 |more
gnstrack pts/tj Jan 18 07:32 1:01 12449 23.148.2.17
gnstrack pts/tI Jan 18 08:08 0:02 14411 23.148.2.19
gnstrack pts/t7b Jan 18 07:08 0:08 7789 23.148.2.19
gnstrack pts/tMc Jan 18 07:20 0:06 24491 23.148.2.17
gnstrack pts/tOc Jan 18 07:11 0:30 12739 23.148.43.173
gnstrack pts/tVc Jan 18 07:12 0:55 13654 23.148.2.29
gnstrack pts/tZc Jan 18 08:03 0:09 5488 23.148.2.18
gnstrack pts/tBd Jan 18 06:30 0:03 10151 23.148.2.18
gnstrack pts/t3d Jan 18 07:19 0:03 23213 23.148.2.29
gnstrack pts/t4d Jan 18 06:52 0:37 11414 23.148.2.19
gnstrack pts/t6d Jan 18 07:43 0:01 27730 23.148.2.27
gnstrack pts/tue Jan 18 07:21 0:18 26359 23.148.2.17
gnstrack pts/tGe Jan 18 08:07 0:24 12275 23.148.2.26
gnstrack pts/tHe Jan 18 08:07 0:15 12366 23.148.2.26
gnstrack pts/tWf Jan 18 06:35 0:08 17015 23.148.2.16
tracking pts/t7f Jan 18 08:09 . 15010 23.148.7.51
# swlist -l product | grep -i inet
PHNE_35017 1.0 inetd(1M) cumulative patch
Any other suggestion gentlements?
Thanks.
:(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 05:47 PM
01-17-2011 05:47 PM
Re: inetd.sec: Why user still able to TELNET
to disable telnet completely comment following line in /etc/inetd.conf
telnet stream tcp nowait root usr/lbin/telnetd telnetd
and after that restart the inetd service using inetd -c.
and for restrictive use of Telnet, follow:
inetd.sec line: telnet deny
Restart inetd service by inetd -c.
Sana
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 07:34 PM
01-17-2011 07:34 PM
Re: inetd.sec: Why user still able to TELNET
We don't want to completely disable the telnet service but to restrict access for certain user those coming from the abovesaid IP Address range. Anyway thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 07:48 PM
01-17-2011 07:48 PM
Re: inetd.sec: Why user still able to TELNET
Shibin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2011 10:40 PM
01-17-2011 10:40 PM
Re: inetd.sec: Why user still able to TELNET
Did you checked in your inetd.sec file telnet allow is existing or not.
If exists system will ignore the telnet deny.
Note:-
allow|deny determines whether the list of remote hosts in the next
field is allowed or denied access to the specified service. Multiple
allow|deny lines for each service is unsupported. If there are
multiple allow|deny lines for a particular service, all but the last
line are ignored.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2011 12:30 AM
01-18-2011 12:30 AM
Re: inetd.sec: Why user still able to TELNET
I don't see any symptoms of the mentioned patch that related to this telnet issue. Please advise further on patching.
Hi nijokj,
The same IP Address is not exist in allow portion.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2011 12:54 AM
01-18-2011 12:54 AM
Re: inetd.sec: Why user still able to TELNET
Have you made the single and full IP address test? Does Works?
In any case I've observe that PHNE_35017 have been superseded by PHNE_36202 resolving a lot of critical failures. Please check on:
http://www11.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_36202&sel={hpux:11.11,}&BC=main|search|
As you will see the new patch do not have patch dependencies.
Rgds.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2011 01:27 AM
01-18-2011 01:27 AM
Re: inetd.sec: Why user still able to TELNET
In case allow is there system will allow only those IP to telnet to this system, remaining IPs denid by dèfaut, Can you post your inetd.conf whole entries.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2011 01:54 AM
01-18-2011 01:54 AM
Re: inetd.sec: Why user still able to TELNET
Can you please confirm that all these logins are through telnet.
Kill the logins from segment 23.148.2.0 and append the following entry in
/var/adm/inetd.sec and verify.
telnet deny 23.148.2.1-254
Manoj K
Manoj K
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2011 02:05 AM
01-18-2011 02:05 AM
Re: inetd.sec: Why user still able to TELNET
I've removed all entry for telnet allow because too many and getting user to test again. Locally tested and it's worked (specified IP Address). Will update and assign point once Korea's user responded.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2011 05:18 PM
01-18-2011 05:18 PM
Re: inetd.sec: Why user still able to TELNET
From the solution above, maybe I could say..don't put "telnet allow" and "telnet deny" together in inet.sec file.
Thanks everyone!! :)
Shukor