If it does not exist, make a new file by editting #vi /var/adm/inetd.sec then following the format: service allow|deny ip-address i.e: telnet deny 192.168.1.1
HMT
Bus wait at bus station, Work wait at my work station
What is your OS's platform? For HP-UX, you can modify the /var/adm/inetd.sec file to allow with IP can telnet to your server. For SUN or AIX, it is difference.
Step one - Create a file named /etc/telnet.allow. Include logins that require telnet access.
Step two - Add the following to /etc/profile: --------------------------------------
# # Configure telnet access - root can always telnet to the server # if [ -f /etc/telnet.allow ] ; then user_id=${LOGNAME} telnetused=`/usr/bin/ps -f | grep "[t]elnetd" | grep -v "grep" | wc -l` if [ -s /etc/telnet.allow ] ; then userallowcount=`grep "^$user_id$" /etc/telnet.allow | wc -l` else userallowcount=0 fi if [ $telnetused -gt 0 -a $userallowcount -eq 0 -a "Xroot" != "X${LOGNAME}" ] ; then DATEE=`/usr/bin/date +%Y%m%d` TIMEE=`/usr/bin/date +%H%M%S` NDNAME=`/usr/bin/uname -n` BASENM=`/usr/bin/basename $0` echo "ERMS1311: Error - Telnet access is not allowed... Terminating" if [ -f /usr/bin/logger ] ; then
/usr/bin/logger -t "login" "ERMS1311: Error - Telnet access for ${LOGNAME} is not allowed... Te rminating..." fi echo "ERMS1001: Error - YOU DO NOT HAVE TELNET ACCESS TO THIS SERVER" echo "SESSION TERMINATING IN 10 SECONDS" echo "${DATEE} : ${TIMEE} : ${NDNAME} : ${user_id} : ERMS1311 Telnet access not allo wed" >> /var/adm/security/telnet_deny.log sleep 10 exit 99 fi fi
--------------------------------------
It might not be pretty but it works. Failures are logged to /var/adm/security/telnet_deny.log
