I've recently set up ssh on my Red Hat 6.0 box, and I want to allow access ONLY through ssh. In order to discourage the use of telnet, I want to post a message when a user first connects to port 23, before the prompt for the login comes up. That way, I can tell users to use ssh on port 22 instead, and also where to get copies of ssh. It won't run login either. The best case scenario would be, the user would read the message, hit a key, and the connection is dropped.
Is there some way to customize the in.telnetd program to deny logins after sending a message? Or will I need to code a special program for this?
Well, thanks, but where in the telnetd code is the call to login? I spent a while going through it, but I couldn't really find out where it makes the call externally. Also, if it's not going to start up a shell, how would I go about removing all the shell stuff, so it doesn't start up a shell and have to close it all down again?
#:STANDARD: These are standard services.
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
#telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd1 -i
You should always Close Down Unnecessary Services. A good way to find out what's going on is to run the command netstat -vat. The output will look something like the following:
root$ netstat -vat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 dsl081-050-241.dsl-:ftp grce.speakeasy.or:3045 ESTABLISHED
tcp 0 0 dsl081-050-241.d:telnet dsl081-00-04-sfo:4169 ESTABLISHED
tcp 0 0 *:1004 *:* LISTEN
tcp 0 0 dsl081-050-241.dsl:1624 cs6.ms.yahoo.com:5050 ESTABLISHED
tcp 0 0 dsl081-050-241.d:telnet dsl81-050-1-sfo:2103 ESTABLISHED
tcp 0 0 *:6000 *:* LISTEN
tcp 0 138 dsl081-050-241.d:telnet dsl081-00-1-sfo:1697 ESTABLISHED
tcp 0 0 dsl081-050-241.d:telnet dsl081-00-14-sfo:1026 ESTABLISHED
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:linuxconf *:* LISTEN
tcp 0 0 *:amidxtape *:* LISTEN
tcp 0 0 *:amandaidx *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
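The check described in the last post can be scripted. The following is an added example, not part of the thread: it reads `netstat -vat` output and reports cleartext services that are still listening or still have established sessions. The `CLEARTEXT` list and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag cleartext login services in
# `netstat -vat` or `netstat -vatn` output.
# Assumption: telnet and ftp, by name or port, are what local policy bans.
CLEARTEXT="telnet 23 ftp 21"

# Reads netstat output on stdin and prints one finding per line:
#   LISTENER <service>         still accepting new connections
#   SESSION <service> <peer>   connection already established
audit_netstat() {
    awk -v services="$CLEARTEXT" '
    BEGIN { n = split(services, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
    $1 ~ /^tcp/ {
        # netstat truncates the host part of the local address, never the
        # service, so take whatever follows the last colon.
        k = split($4, part, ":"); svc = part[k]
        if (!(svc in bad)) next
        if ($6 == "LISTEN") print "LISTENER", svc
        else if ($6 == "ESTABLISHED") print "SESSION", svc, $5
    }'
}

# Succeeds only when no cleartext listener is left (stdin: netstat output).
no_cleartext_listeners() {
    ! audit_netstat | grep -q '^LISTENER'
}

# Sample input: lines copied from the netstat output quoted in the thread.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 dsl081-050-241.dsl-:ftp grce.speakeasy.or:3045 ESTABLISHED
tcp 0 0 dsl081-050-241.d:telnet dsl081-00-04-sfo:4169 ESTABLISHED
tcp 0 0 dsl081-050-241.dsl:1624 cs6.ms.yahoo.com:5050 ESTABLISHED
tcp 0 0 dsl081-050-241.d:telnet dsl81-050-1-sfo:2103 ESTABLISHED
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
EOF
}

sample_netstat | audit_netstat
```

On a live host, pipe `netstat -vat` into `audit_netstat`. Sessions that were established before the telnet line was commented out of inetd.conf keep running after inetd rereads its configuration, which is why they are reported separately from listeners.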