[olug] Unix Tip: LOCK DOWN TELNET OR FTP

Nick Walter waltern at iivip.com
Sun Feb 23 11:34:29 UTC 2003


I use telnet waaaaaaay more than I use ssh.  I've got tons of older *nix
boxes (mostly UnixWare) hanging around at work, all still faithfully doing
their tasks.  I've even got a few system running AT&T Unix on hotrod 80386
processors.  To interface with all the legacy stuff, I gotta telnet.  And
since all the newer Linux boxes have telnet also I just telnet for
everything instead of having to stop and think about which tool to use for
which system.

Having said all that, I still am a firm believer in disabling just about
everything, including telnet, on a *nix server connected directly to the
internet.  Some firewalling is usually good too :)

Nick Walter

----- Original Message -----
From: "Brian Roberson" <roberson at olug.org>
To: <olug at olug.org>
Sent: Saturday, February 22, 2003 11:39 PM
Subject: Re: [olug] Unix Tip: LOCK DOWN TELNET OR FTP


> Suse does, telnet installed yet not enabled.
>
>
>
> ----- Original Message -----
> From: "Jeff Hinrichs" <jeffh at delasco.com>
> To: <olug at olug.org>
> Sent: Saturday, February 22, 2003 3:18 PM
> Subject: Re: [olug] Unix Tip: LOCK DOWN TELNET OR FTP
>
>
> > > LOCK DOWN TELNET OR FTP
> > >
> > > When inbound access isn't required into
> > > a system deny users Telnet or FTP access
> > > do the following:
> > >
> > > vi /etc/inetd.conf
> > >
> > > Comment the line starts with Telnet or
> > > FTP.  Save the file and exit.
> > >
> > > Stop and start the inetd daemon now by
> > > following commands:
> > <rant>
> > Bah humbug! - There are almost no good reasons to have telnet installed
on
> > any server and only servers ear marked should have ftp daemons running.
> > The only safe way is to get the code off of your system completely.
under
> > Redhat:
> >   rpm -e telnetd wu-ftpd
> > For remoting then use ssh/scp.  It's the 21st Century why do dists
insist
> > on keeping ftp/telnet as a part of the default install?  You should have
> > to go look for them, they should not be installed by default.  And
if/when
> > installed, they should be disabled automatically so that if you want to
do
> > something high risk, it's as painful as possible.
> > </rant>
> > -jeff
> >
> >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> >
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>




More information about the OLUG mailing list