This widget could not be displayed.
HPE Community
Operating System - HP-UX
1845515 Members
2442 Online
110244 Solutions
This widget could not be displayed.
This widget could not be displayed.
This widget could not be displayed.
This widget could not be displayed.
This widget could not be displayed.
This widget could not be displayed.
This widget could not be displayed.
New Discussion
This widget could not be displayed.
This widget could not be displayed.

Limit Telnet Session

 
SOLVED
Go to solution
MRSG
Frequent Advisor

‎04-09-2003 02:00 AM

‎04-09-2003 02:00 AM

Limit Telnet Session

Hi,
I have been involved in tightening the security of our hpux boxes. One of the tasks is limiting telnet session.
What I have found couple of things on the forum is limiting telnet session using .profile(per user) and also using /etc/default/security file for system wide.
What I noticed is that when I use security file to limit telnet session (system wide) it does not affect for X windows (rexec) unless I change to telnet in X windows which is no use. Is there anyway how I can limit number of session on system wide rather modifying .profile of 100's of users if they are using X window and most of the users login remotely.
HP-UX version is 10.20, 11.00 and 11.11
Thanks very much for you input.
Cheers,
Harry.
0 Kudos
Reply
6 REPLIES 6
Pete Ellis
Trusted Contributor

‎04-09-2003 02:09 AM

‎04-09-2003 02:09 AM

Re: Limit Telnet Session

Do a man on inetd.sec, the file is in /var/adm You can also stop rexec all together in /etc/inetd.conf
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎04-09-2003 02:10 AM

‎04-09-2003 02:10 AM

Re: Limit Telnet Session

If I understand correctly when you say X windows, you could limit the number of pty(s) available via the kernel paramter npty. This, obviously, would be on a system wide basis rather than per user.


Pete

Pete
0 Kudos
Reply
Balaji N
Honored Contributor

‎04-09-2003 02:16 AM

‎04-09-2003 02:16 AM

Re: Limit Telnet Session

hi,
i guess there is no single way.

copy /usr/dt/config/Xstartup to /etc/dt/config and use it for controlling login session using X and /etc/profile for telnet logins.

hth
-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎04-09-2003 02:17 AM

‎04-09-2003 02:17 AM

Re: Limit Telnet Session

Look into the kernel parameters

npty -pseudo ttys system wide

nstrtel--telnet device files
system wide


This is one of the ways where you can restrict.
0 Kudos
Reply
Glenn Joseph Andal
Frequent Advisor

‎04-09-2003 06:43 PM

‎04-09-2003 06:43 PM

Re: Limit Telnet Session

Sir,

You can use ssh2 that are downloadable from the web. this is more secure than using telnet. aside from authentication you can also limit the device/user to access your servers.

thank you
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-09-2003 07:37 PM

‎04-09-2003 07:37 PM

Solution

Re: Limit Telnet Session

You can limit telnet sessions the ways noted above. Or, you can stop using telnet.

I'm pasting in my entire link list of helpful security enhancing tools, like secure shell, mentioned above and a few other toys that will really help you out. Pay close attention to Bastille, its a real time saver.

Links:


security_patch_check: Checks your system and makes sure its up to date with security patches from HP
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA


Required Perl install

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

Bastille: Security Hardening Tool

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

TCP Wrappers

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP

Secure Shell: a replacement for rcp ftp and telnet that encrypts passwords

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

IDS/9000 Intrusion Detection System which can track security breaches and attempted security breaches.

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

pam kerobos
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5849AA



Attached is Chris Vail's paper on how to set up passwordless services by exchanging public keys.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.