mensah@crcge1.UUCP (Christian Mensah) (01/15/87)
For security reasons, I want to disable networking (rlogin, rcp, rsh, r..)
on a Vax/4.2bsd ethernet linked with other Vaxes & Suns, ..., but allow people
on other machines to rlogin, rcp, rsh, r.. towards that one-way machine.

    !-----!                                            !------------------!
    ! Vax !-----(rlogin, rcp, rsh, r..) disabled ----> ! Vax/bsd          !
    ! bsd !                                            ! or               !
    !_____!<----(rlogin, rcp, rsh, r..) enabled  ----- ! Sun or Symbolics !
      II                                               !__________________!
      II_____________________________________________________II
      !________________ Ethernet _____________________________I

Many thanks for your ideas
(don't ask me why I didn't break physical connections)

Christian K. Mensah     Labo Marcoussis F-91460 Marcoussis (64 49 11 55)
~~~~~~~~~~~~~~~~~~~     ...{decvax,seismo}!mcvax!inria!crcge1!mensah

ron@brl-sem.UUCP (01/17/87)
In article <1740@crcge1.UUCP>, mensah@crcge1.UUCP (Christian Mensah) writes:
> For security reasons, I want to disable networking (rlogin, rcp, rsh, r..)
> on a Vax/4.2bsd ethernet linked with other Vaxes & Suns, ..., but allow people
> on other machines to rlogin, rcp, rsh, r.. towards that one-way machine.

Remove the daemons (rlogind, rshd, telnetd...) from the machine you want
to avoid incoming connections on. Or remove their start up from /etc/passwd
(or comment them out of inet.conf if you are using that).

-Ron

markh@ico.UUCP (Mark Hamilton) (01/22/87)
In article <1740@crcge1.UUCP>, mensah@crcge1.UUCP (Christian Mensah) writes:
> For security reasons, I want to disable networking (rlogin, rcp, rsh, r..)
> on a Vax/4.2bsd ethernet linked with other Vaxes & Suns, ..., but allow people
> on other machines to rlogin, rcp, rsh, r.. towards that one-way machine.

As mentioned in a previous reply, stopping the daemons stops incoming
connects. If you need to stop outgoing (which I think is the case if I
read your question correctly), try setting the r* commands to be executable
by root only, or remove them. Unless you have users that try to connect to
their own machine, nobody should miss the commands.

--
Mark Hamilton
InterActive Systems

mb@ttidca.UUCP (Michael Bloom) (01/23/87)
In article <591@brl-sem.ARPA> ron@brl-sem.ARPA (Ron Natalie <ron>) writes:
>Remove the daemons (rlogind, rshd, telnetd...) from the machine you want
>to avoid incoming connections on. Or remove their start up from /etc/passwd
>(or comment them out of inet.conf if you are using that).

That was my first thought too, but it seems like overkill. He only wants to
disable outbound connections from that one machine. Using daemon removal as
his solution would require removing those daemons from all other connectable
machines but the one, which may be more disabling than he wishes. There may
be some pairs of machines he does not wish to disable.

Much simpler would be to just turn off the 's' bit on the rlogin, etc.,
programs. It won't matter if users make their own copies of these programs,
as their corresponding servers are listening on privileged ports, and if the
process attempting the connection is not running as root, it cannot succeed.

Of course this fails if they have a zillion roots, but then they would have
little opportunity for security anyway.
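
Added example, not part of the original thread: a small POSIX sh audit for the "turn off the 's' bit" suggestion in the last post. It lists which r* client programs in a directory are still setuid, clears the bit, and re-checks. The command list, the function names and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and clear the setuid bit on r* client binaries.
# RCMDS and the directory argument are assumptions, not from the thread.
RCMDS="rlogin rsh rcp"

# Print the path of each r* client in directory $1 that is still setuid.
list_setuid_rcmds() {
    for name in $RCMDS; do
        if [ -f "$1/$name" ] && [ -u "$1/$name" ]; then
            printf '%s\n' "$1/$name"
        fi
    done
}

# Clear the setuid bit on every r* client in directory $1, then re-check.
# Returns 0 only if none of them is setuid afterwards.
clear_setuid_rcmds() {
    list_setuid_rcmds "$1" | while IFS= read -r f; do
        chmod u-s "$f" || exit 1
    done
    [ -z "$(list_setuid_rcmds "$1")" ]
}

# Demo on a constructed directory of empty stand-in files (not real binaries).
demo() {
    d=$(mktemp -d) || return 1
    for name in $RCMDS; do : > "$d/$name"; chmod 4755 "$d/$name"; done
    echo "setuid before:"; list_setuid_rcmds "$d"
    clear_setuid_rcmds "$d" && echo "setuid after: none"
    rm -rf "$d"
}
demo
```

Running list_setuid_rcmds periodically over the directory that holds the r* clients also catches the bit being restored by a later reinstall.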