HPE Community
Operating System - HP-UX
1827399 Members
6069 Online
109965 Solutions
New Discussion

Re: rhost file?

 
SOLVED
Go to solution
Greta Blamire
Frequent Advisor

‎09-21-2000 10:32 AM

‎09-21-2000 10:32 AM

rhost file?

I would like to disable other computers (i.e. my other servers) from connecting to my production box unless I need it at the time. Is there an easy way to do this? What else could be affected by doing this?
environment: HPK260 running 11.0 and Oracle DB
If you can't face the facts, change them!
0 Kudos
Reply
4 REPLIES 4
Rick Garland
Honored Contributor

‎09-21-2000 10:34 AM

‎09-21-2000 10:34 AM

Re: rhost file?

Look at the inet.sec file. This will allow only the listed servers to access the system.
Also, the .rhosts file will not do this for you.
Reply
melvyn burnard
Honored Contributor

‎09-21-2000 10:36 AM

‎09-21-2000 10:36 AM

Solution

Re: rhost file?

when you say disable other servers from connecting, you will need to think of what they are using to connect; e.g.ftp, telnet etc.

I would suggest you start by looking at the man page for inetd.sec, and take it from there.
You will need to take care that you do not prevent network connection for you to log in as the superuser, for example.
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Reply
Stefan Farrelly
Honored Contributor

‎09-21-2000 10:36 AM

‎09-21-2000 10:36 AM

Re: rhost file?


It depends by what method you want to stop your other servers connecting, telnet, remsh, X login, ftp etc. Whatever method, the best way to deny access is the /var/adm/inetd.sec file. See manpage on inetd.sec, easy to block out anyone by any method by ip.
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
Kofi ARTHIABAH
Honored Contributor

‎09-21-2000 10:40 AM

‎09-21-2000 10:40 AM

Re: rhost file?

Greta:

I am assuming from the subject line that you do not want others to be able to rlogin from any of your other servers unless required?

1. you can remove ~/.rhosts from your server (that you want to protect)
2. make sure that you remove /etc/hosts.equiv
3. You can edit /var/adm/inetd.sec so that you include an entries to disable the the login service
eg.
login deny * # this denies all rlogin type commands
4. restart inetd with
# inetd -c

5. You have to write a trigger mechanism that will allow you to turn it when required...and when to turn it back off. This could be a script that can be somehow executed automatically (eg. through the cron, if it is a time dependent trigger)

perhaps if you provided more information as to why you want this done, it might be possible to provide you with scripts etc.

nothing wrong with me that a few lines of code cannot fix!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.