Operating System - HP-UX
08-07-2001 11:46 AM
The command 'last -R' is difficult because it returns the name and not the address of the originating host. Since hostnames inside the network change and don't follow a pattern, it's difficult to awk/grep my way through a list, to pull out the "non-local" hostnames.
If I can find a way to pick a non-local host out of a 'who' or 'last' command, I could monitor them. And, the next step, via /etc/profile I could then restrict logins to certain users from non-local hosts - which would be better still.
Any good ideas on how to accomplish this? I really want only certain accounts, i.e. outside sales staff and certain tech support staff, to have telnet access from the internet.
08-07-2001 11:51 AM
Re: telnet from other networks, how to monitor / restrict?
man inetd
You could also install tcpwrapper.
...jcd...
08-07-2001 11:58 AM
You are a brave soul allowing telnet access from the internet. You really, really need a firewall with authentication, but at least a start is to enable logging with inetd -l. This is going to generate a lot of data. You could then monitor syslog for telnet connections.
You can also look at /etc/wtmp using fwtmp.
Clay
08-07-2001 11:59 AM
Re: telnet from other networks, how to monitor / restrict?
In addition to leveraging 'who -mR' in a user's $HOME/.profile or in /etc/profile, you can allow and/or deny telnet by IP address or hostname in /var/adm/inetd.sec. See 'man 4 inetd.sec' for more details.
You can toggle logging of connection attempts (successful and failed) into /var/adm/syslog/syslog.log with:
# /usr/sbin/inetd -l
Regards!
...JRF...
08-07-2001 12:07 PM
Re: telnet from other networks, how to monitor / restrict?
For example, I could put this logic into /etc/profile:
if hostname not local and user not on list, log him out now.
I guess my only problem is answering the question "is this host local?", as I describe in my first post.
Commands I am familiar with return hostnames, not IP addresses, which I find hard to work with since they change and follow no pattern.
08-07-2001 12:16 PM
Re: telnet from other networks, how to monitor / restrict?
I agree there is some risk in allowing the access - I do have a firewall box (Livingston Portmaster), and I will look into whether or not I can control access there, but I only want to control telnet, not HTTP packets etc.
The firewall is restricting stuff just fine as far as ports go, i.e. users can ftp out, but not in.
08-07-2001 12:17 PM
Re: telnet from other networks, how to monitor / restrict?
If you want IP addresses and you know the hostname, you can use the getip command.
e.g. getip "frodo" will print 10.1.1.45 to stdout
or getip `hostname` will print the current hostname's ip address to stdout.
08-07-2001 01:12 PM
Re: telnet from other networks, how to monitor / restrict?
So, I'm leaning toward this in /etc/profile:
myhost=`who -um|awk '{print $NF}'`
myaddr=`getip $myhost`
locnet="192.10.10."
Then, some logic to decide if $myaddr is on my own network, by comparing the first part of $myaddr with $locnet.
If it is -not-, look up the $LOGNAME in an access list to decide if the user can come in.
Is this really way out there, or too much of a hack?
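An added example (mine, not code from this thread) of the two checks sketched above, written as POSIX sh functions that an /etc/profile could source. It assumes the local network is 192.10.10.0/24 and a constructed one-name-per-line access list, and it compares addresses under a netmask rather than as a string prefix, so a prefix like 192.10.10 does not also match 192.10.100.x.

```shell
#!/bin/sh
# Added example, not code from the thread: decide whether the originating
# address of a login is on the local network by a netmask comparison instead
# of a string-prefix test, then consult an allow-list of users who may log in
# from elsewhere. Sample addresses and the list are constructed; getip and
# who are not called here, so the functions can be exercised offline.

# Dotted-quad to integer (octets with leading zeros are not handled).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# is_local ADDR NETWORK BITS: true when ADDR lies inside NETWORK/BITS.
# A prefix test on "192.10.10" would also accept 192.10.100.5; this does not.
is_local() {
    a=$(ip2int "$1"); n=$(ip2int "$2")
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( a & mask )) -eq $(( n & mask )) ]
}

# on_access_list USER FILE: true when USER appears as a whole line in FILE.
on_access_list() {
    grep -qx "$1" "$2" 2>/dev/null
}

# remote_login_allowed USER ADDR FILE: prints allow or deny. Local hosts are
# always allowed; from outside LOCNET only users listed in FILE get in.
remote_login_allowed() {
    if is_local "$2" "$LOCNET" "$LOCBITS" || on_access_list "$1" "$3"; then
        echo allow
    else
        echo deny
    fi
}

LOCNET=192.10.10.0     # the thread's 192.10.10. prefix, as a /24 (assumption)
LOCBITS=24
ACL=${TMPDIR:-/tmp}/remote_telnet_users.$$   # constructed sample access list
printf 'sales01\nsupport02\n' > "$ACL"
trap 'rm -f "$ACL"' EXIT

# How /etc/profile would call it (assumptions: 'who -um' reports the terminal's
# login name first and the remote host in parentheses as its last field; the
# check is skipped after 'su -', because the terminal's login name then differs
# from $LOGNAME, which avoids the root-denied case described later in the thread):
#   set -- $(who -um); eval "host=\${$#}"; host=${host#\(}; host=${host%\)}
#   [ "$1" = "$LOGNAME" ] && [ "$(remote_login_allowed "$LOGNAME" "$(getip "$host")" "$ACL")" = deny ] && exit
```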
08-07-2001 01:29 PM
Re: telnet from other networks, how to monitor / restrict?
Yes you're on the right track and getip is for some reason a little known command. I would still look into firewall doing user validation.
Most will allow you to configure services on a per-user basis, e.g. anyone can use http but not everyone has access to ftp or telnet.
08-07-2001 06:01 PM
Re: telnet from other networks, how to monitor / restrict?
Already I am not liking what I have done in /etc/profile. For one thing, even users that you 'su -' to, need to be on the access list, since 'su -' also executes /etc/profile. So I log in as myself, then su to root, and get denied because root is not on the access list. (actually root can only login on the console anyway but you see what is happening).
So it works OK but is a bit messy.
One nice thing, I have the script create a log file and send me email on denials. Remember, invalid passwords don't get this far; only a valid login/password that runs /etc/profile, but that is not on my access list gets denied.
So for those interested it works but I'm not sure that I like it.
08-08-2001 08:08 AM
Re: telnet from other networks, how to monitor / restrict?
08-08-2001 12:41 PM
Re: telnet from other networks, how to monitor / restrict?
None of this addresses the inherent security issues with telnet, but otherwise keeps users logging in from outside the network to a select few; they must have an account and know the password, and it must be an account in a special access group.
08-08-2001 06:32 PM
Re: telnet from other networks, how to monitor / restrict?
local network. If price is an issue there are some decent public domain clients available like Teraterm.
06-12-2002 10:58 AM
Re: telnet from other networks, how to monitor / restrict?
06-12-2002 11:11 AM
Re: telnet from other networks, how to monitor / restrict?
I don't believe that's correct - when you go to single user mode you'll just see a lot of "not found" errors generated from /etc/profile. You still get logged in, though.
Pete
06-12-2002 11:18 AM
Re: telnet from other networks, how to monitor / restrict?
06-12-2002 11:25 AM
Re: telnet from other networks, how to monitor / restrict?
Actually I just tried putting a sed statement on the end of my /etc/profile on my C160 11i playpen and booted into single user mode. I didn't see a single error. It doesn't look like it's sourcing /etc/profile at all!?
for what it's worth,
Pete
06-12-2002 11:29 AM - last edited on 06-19-2024 09:51 PM by Parvez_Admin
Re: telnet from other networks, how to monitor / restrict?
Fred,
I know this is an old post but...
I have a getmac script (short but useful) that can only return the MAC Address for our local ip addresses.
The script uses: arp ipaddr
Since the arp cache is only used for local hosts, it might do the trick.