User access question. 2003-02-14 - By James P. Roberts
> I can't turn off telnet/rlogin services because I'm restrict certain
> user only.
>
> "Taylor, ForrestX" wrote:
> >
> > > From: Jason Lim [mailto:limcm@(protected)]
> > >
> > > Hi all,
> > >
> > > I'm using Redhat 7.1 as my Application server. I have developed an
> > > inventory application for my customer. What my question is I'm going to
> > > create an user which can only access from my own application but then
> > > cannot access from telnet or rlogin..?
> > > Please advise.
> > > Thanks.
> >
> > Either use a firewall and only allow the ports that your application is
> > using, or simply turn off telnet/rlogin.
> >
> > Forrest

My suggestion would be to use xinetd to listen on the appropriate port(s), and hand off to the custom application after validating the user. I'm pretty sure xinetd can do that, although the term "TCP-wrappers" also comes to mind -- Could someone kindly kick-start my brain on that? IIRC, you compile xinetd with TCP-wrappers support, and specify in the corresponding xinetd configuration file (which will be a file with the same name as the desired service, placed in /etc/xinetd.d/) which users are permitted what level of access to that service. Make sure xinetd is enabled at boot time, and also make very sure that you have disabled any xinetd services that you do not want running! (Typically by setting "disable = yes" in, or by deleting, the corresponding files in /etc/xinetd.d).
This can also be used to restrict access to rlogin and telnet, if I am not mistaken.
The suggestion to lock down all unused ports with a good firewall is also an excellent suggestion. I recommend iptables; it is the newest, most flexible, and most powerful of the Linux firewalls, that I am aware of (it replaces the older ipchains, and still older ipfwadm). If you are responsible for a Linux server, I strongly recommend learning this technology.
Regards, Jim
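
Added example, not part of the original message: a shell check for the "make very sure that you have disabled any xinetd services that you do not want running" step, listing every service block under /etc/xinetd.d that xinetd would start. The function names, the `inventory` service and its server path are hypothetical, and the three sample files are constructed for the demo.

```shell
#!/bin/sh
# list_enabled_xinetd [DIR]
# Prints "file: service" for each service block xinetd would start.
# A block with no "disable" attribute is enabled; only an explicit
# "disable = yes" turns it off. Scope: per-service "disable" lines only.
list_enabled_xinetd() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*#/ { next }                       # comment line
            $1 == "service" { name = $2; off = 0; inblock = 1; next }
            inblock && /^[ \t]*disable[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)           # keep the value only
                sub(/[ \t]+$/, "", v)
                off = (tolower(v) == "yes")
            }
            inblock && index($0, "}") {               # end of service block
                if (!off) print file ": " name
                inblock = 0
            }
        ' "$f"
    done
}

# Demo on constructed files: telnet is disabled, rlogin has no "disable"
# line (so it is still live), and the hypothetical custom service is on.
xinetd_demo() {
    d=$(mktemp -d) || return 1
    printf 'service telnet\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
    printf 'service login\n{\n\tserver = /usr/sbin/in.rlogind\n}\n' > "$d/rlogin"
    printf '# custom application (hypothetical)\nservice inventory\n{\n\tdisable = no\n\tserver = /usr/local/bin/inventoryd\n}\n' > "$d/inventory"
    list_enabled_xinetd "$d"
    rm -rf "$d"
}

xinetd_demo
```

Anything the check prints other than the services you intend to offer is still reachable through xinetd and should be disabled or have its file removed.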