User's Manual

Solaris 9 Security CX-310-301 72
telnet stream tcp nowait root /usr/local/bin/tcpd in.telnetd -d1
Denying and Allowing Host Connects
The files /etc/hosts.allow and /etc/hosts.deny can be created to allow or deny specific connections.
Note that if no entry in either file matches a connection, then access is allowed (the default is to allow).
One way round this default is to edit the two files like this:
In /etc/hosts.deny put the following entry:
ALL: ALL:
Then, to allow, for example, 192.168.1.1 to use telnet, put the following entry in /etc/hosts.allow:
in.telnetd: 192.168.1.1
The configuration above will only allow 192.168.1.1 to connect to in.telnetd. All other connections, to any wrapped daemon, will be refused.
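As an added example (not from the study guide), the following script evaluates hosts.allow and hosts.deny the way tcpd does: hosts.allow is searched first, then hosts.deny, and a connection matched by neither is allowed. It supports a subset of the hosts_access(5) client patterns (ALL, an exact address, a trailing-dot network prefix and a net/mask pair); the sample file contents are constructed to mirror the deny-all / allow-one pattern above.

```python
def ip_to_int(addr):
    """Convert a dotted-quad IPv4 address into an integer."""
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def parse_rules(text):
    """Parse hosts.allow/hosts.deny text into (daemon_list, client_list) pairs.
    Comments and blank lines are ignored; a trailing ':' option field is dropped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue          # malformed line: no client list
        rules.append((fields[0].split(), fields[1].split()))
    return rules

def _client_matches(pattern, host):
    """Subset of hosts_access(5) client patterns (constructed for this example)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # network prefix, e.g. "192.168.1."
        return host.startswith(pattern)
    if "/" in pattern:                        # net/mask, e.g. "192.168.1.0/255.255.255.0"
        net, mask = pattern.split("/", 1)
        return (ip_to_int(host) & ip_to_int(mask)) == ip_to_int(net)
    return pattern == host                    # exact address

def _matches(rules, daemon, host):
    return any(any(d in ("ALL", daemon) for d in daemons) and
               any(_client_matches(c, host) for c in clients)
               for daemons, clients in rules)

def access_allowed(hosts_allow, hosts_deny, daemon, host):
    """Return True if tcpd would grant 'host' access to 'daemon'."""
    if _matches(parse_rules(hosts_allow), daemon, host):
        return True                           # first match in hosts.allow wins
    if _matches(parse_rules(hosts_deny), daemon, host):
        return False                          # then hosts.deny is consulted
    return True                               # no entry in either file: allowed

# Constructed sample contents, mirroring the two entries shown above.
HOSTS_DENY = "ALL: ALL:\n"
HOSTS_ALLOW = "in.telnetd: 192.168.1.1\n"

if __name__ == "__main__":
    for host in ("192.168.1.1", "192.168.1.2"):
        print(host, "telnet allowed:", access_allowed(HOSTS_ALLOW, HOSTS_DENY, "in.telnetd", host))
```

Running it shows that only 192.168.1.1 reaches in.telnetd under the two sample files, and that an empty pair of files lets every connection through.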
Denying Connections with a Banner Message
When a connection is refused, it is good practice to supply an informational message. TCP Wrappers supports
this through banner files, one per daemon, whose contents are displayed to the user when a connection is refused.
Follow these steps to create a standard banner message for the connection daemons:
- Create the directory /etc/tcpd.deny
# mkdir /etc/tcpd.deny
- Copy the Makefile to this directory
# cp /usr/local/doc/tcp_wrappers/Banners.Makefile /etc/tcpd.deny/makefile
- Create and edit a file named prototype in /etc/tcpd.deny. An example message is shown below:
Warning! This is an unauthorized connection and has been logged.
This host is constantly monitored and violations will be reported.
- Save the file, change to the directory, then run make. The Makefile generates one banner file per daemon from prototype:
# cd /etc/tcpd.deny
# make
cp prototype in.telnetd
chmod 644 in.telnetd
sed 's/^/220-/' prototype > in.ftpd
chmod 644 in.ftpd
echo 'main() { write(1,"",1); return(0); }' >nul.c
gcc -s -o nul nul.c