Re: Login

Hi

When i am doing a telnet to my system it is showing following message before login prompt.
"HP-UX Hostname B.11.11 U 9000/800 (tb)"

But security point of view it should not be happend so please let me know how should i change this and normally instade of this message what should i put ?

10 REPLIES 10

Hi,
have you checked the file /etc/inetd.conf .
Look for the telnet line, which would call a file.

You may want to look at this similar thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=223757

Please read:
http://66.34.90.71/ITRCForumsEtiquette/after.html

Please also read:
http://forums1.itrc.hp.com/service/forums/helptips.do?#33
on how to reward any useful answers given to your questions.

So far you have rewarded only 7 of 45 answers !

>But security point of view it should not be
>happend so please let me know how should i
>change this and normally instade of this
>message what should i put ?

From a security point of view, you shouldn't be running telnet at all. All network traffic, including passwords, is transmitted in cleartext.

PCS

Hello,

You can check for that at the following files.

/etc/motd
/etc/profile or $HOME/.profile , but actually I believe that these two option are the right for you.

Try that, and let us know your results trying to enter to the system again.

Marc0

Just unplug and plug in again ....

Check this out.

At the end of my "/root/.profile" you can see the following. :

# Set up shell variables:

MAIL=/var/mail/root
# don't export, so only login shell checks.

echo "WARNING: YOU ARE SUPERUSER !!\n"
export HISTFILE=/root/.sh_history
export HISTSIZE=3000
umask 022
PS1=`id -un`'@'`hostname`:'${PWD##//}> '

----------------
Probably you have something like that with that message in your .profile file.

Regards,

MArc0

Just unplug and plug in again ....

Check the /etc/copyright file, which is cat'd in /etc/profile.

Pete

Pete

Hello John,

Actually I see that the banner you say could not be removed and is part of the system.

http://docs.hp.com/en/5991-6482/ch03s10.html

AFTER logged into the system, you can see reflected the other banner such as /etc/motd, /etc/issue, /etc/copyright , and the .profile files.

I believe that info cannot be remove it from there.

Regards.

Just unplug and plug in again ....

Well...., I'm talking about telnet..., telnet shows that..., if you connect to the server using ssh you will not see that, so ...I think that maybe modifying the /etc/inetd.conf file or something like that you could achieve that, but ssh doesn't show that.

Marc0

Just unplug and plug in again ....

ok. this msg :
"HP-UX Hostname B.11.11 U 9000/800 (tb)"
is the default for telnet

to remove it do the following:
a) create a file containing whatever you want this to say instead of the above msg. this file *can* be empty if desired. for this example, we're going to call it "/etc/blankfile"

b) edit /etc/inetd.conf. find the line w/ telnetd. you need to add
"-b /etc/blankfile" to the end so that it looks like this:
telnet stream tcp nowait root /usr/lbin/telnetd
telnetd -b /etc/blankfile

c) restart inetd running
"/usr/sbin/inetd -c"

the offending message should be gone

wow..., was close!!! =), good tip partner .., I knew that the inetd file was in the issue but don't knew what to change on it...

Thanks!

Just unplug and plug in again ....

The line you are seeing with telnet is the file /etc/issue. NONE of the other files mentioned (/etc/motd, /etc/copyright, etc) are seen until after the login has been completed. Yes, you are absolutely correct that this is a security issue. Without any authentication at all, this file has provided the name of the OS, the hostname and the revision of the OS, all very useful to a hacker.

First, immediately change the /etc/issue file to nothing more than an identifier of the system, perhaps an alias or maybe just your company name -- nothing more.

Now, edit /etc/inetd.conf and make sure that telnet and rlogin have the /etc/issue file explicitly stated:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue
login stream tcp nowait root /usr/lbin/rlogind rlogind -B /etc/issue

It's important to note that if you do NOT specify the -b or -B option for these commands, they will use the default which looks like what you are seeing. Also, /etc/issue right out of the box looks like this:

GenericSysName [HP Release B.11.11] (see /etc/issue)

not a good choice. Once you change /etc/issue and inetd.conf, run inetd -c to re-read the file and tail syslog.log to make sure the changes were seen. Now, the no-login information will be secure.

NOTE: You certainly can put a blank line in /etc/issue but then it's tricky to figure out if you have connected to the right machine. And if you do not use ssh, worrying about /etc/issue is just rearranging deck chairs on the Titanic.

Bill Hassell, sysadmin