Security Policies and Telnet
Security Policies
In terms of service management, there are three types of security policy:
- Security within the service itself
- Security provided by TCP wrappers
- Security provided by xinetd
TCP Wrappers
Configuration uses two files:
- /etc/hosts.allow
- /etc/hosts.deny
By default, all clients are allowed.
Check the rpm
#rpm -q tcp_wrappers
Syntax
daemon_list : client_list
Example 1: Network 172.24.0.0 is not allowed to use the FTP service
#vi /etc/hosts.deny
vsftpd : 172.24.0.0/255.255.0.0
Example 2: allowing 172.24.0.0 and denying the outside network (172.25.0.0)
#vi /etc/hosts.allow
vsftpd : 172.24.0.0/255.255.0.0
#vi /etc/hosts.deny
vsftpd : 172.25.0.0/255.255.0.0
To deny every other network instead, use in hosts.deny:
vsftpd : ALL
Denying all other networks except 172.24.0.0 can also be done with a single entry in hosts.deny:
#vi /etc/hosts.deny
vsftpd : ALL EXCEPT 172.24.0.0/255.255.0.0
Similarly, entries can be made for SSH, IMAP and POP3.
Example 3: Hosts 172.24.0.1 and 172.24.0.2 and network 172.26.0.0 allowed to use the SSH service
#vi /etc/hosts.allow
sshd : 172.24.0.1 172.24.0.2 172.26.0.0/255.255.0.0
Example 4: Domains example.com and redhat.com allowed to use the telnet service
#vi /etc/hosts.allow
in.telnetd : .example.com .redhat.com
Or we can allow individual stations:
in.telnetd : station1.example.com
Example 5: Allowing 172.24.0.0 except 172.24.0.1 to use the SSH service and disallowing all other networks
#vi /etc/hosts.deny
sshd : ALL EXCEPT 172.24.0.0/255.255.0.0 EXCEPT 172.24.0.1
Some other daemon names are:
- imapd
- ipop3d
- smbd, nmbd
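As an added example (not code from the original post), the following Python evaluator reproduces the hosts.allow/hosts.deny semantics used in Examples 1 to 5: hosts.allow is consulted first, then hosts.deny, and a client matched by neither file is allowed. The two rule texts are constructed for the example from the entries above.

```python
import ipaddress

# Constructed rule files for this example, lifted from the Examples above (not
# the page's real files). hosts.allow is consulted first, then hosts.deny; a
# client matched by neither is granted access, which is tcp_wrappers' default.
HOSTS_ALLOW = """
vsftpd     : 172.24.0.0/255.255.0.0
in.telnetd : .example.com .redhat.com
"""
HOSTS_DENY = """
vsftpd : ALL
sshd   : ALL EXCEPT 172.24.0.0/255.255.0.0 EXCEPT 172.24.0.1
"""

def parse_rules(text):
    """Yield (daemon_list, client_list); comments and a trailing command field are ignored."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fields = [f.strip() for f in line.split(":")]
            yield fields[0], fields[1]

def _daemon_match(tok, daemon):
    return tok == "ALL" or tok.lower() == daemon.lower()

def _client_match(tok, client):
    ip, host = client
    if tok == "ALL":
        return True
    if "/" in tok:               # network/netmask form, e.g. 172.24.0.0/255.255.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(tok, strict=False)
    if tok.startswith("."):      # domain suffix, e.g. .example.com
        return host.lower().endswith(tok.lower())
    return tok == ip or tok.lower() == host.lower()

def _list_match(spec, item, match_one):
    """'a EXCEPT b EXCEPT c' nests to the right as in hosts_access(5): a EXCEPT (b EXCEPT c)."""
    head, _, rest = " ".join(spec.replace(",", " ").split()).partition(" EXCEPT ")
    matched = any(match_one(tok, item) for tok in head.split())
    return matched and not _list_match(rest, item, match_one) if rest else matched

def hosts_access(daemon, ip, host="", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if the client may use the daemon: first matching hosts.allow line grants,
    first matching hosts.deny line refuses, otherwise access is granted."""
    for text, verdict in ((allow, True), (deny, False)):
        for dlist, clist in parse_rules(text):
            if (_list_match(dlist, daemon, _daemon_match)
                    and _list_match(clist, (ip, host), _client_match)):
                return verdict
    return True
```

Note that the in.telnetd line in hosts.allow does not by itself block other hosts: with no matching hosts.deny entry (compare Example 2) a client outside example.com and redhat.com is still allowed.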
Telnet
The telnet service is used for remote login between Linux and Linux, Linux and Unix, and Linux and Windows systems.
Service Profile
Type : xinetd
Package : telnet-server, telnet
Daemon : based on xinetd
Script : based on xinetd
Configuration : /etc/xinetd.d/telnet
Check the rpm
#rpm -q telnet-server telnet
Edit the file
#vi /etc/xinetd.d/telnet
Set
disable = no
Save and exit
Start the service
#service xinetd restart
#chkconfig xinetd on
Security settings
- For a particular system
#vi /etc/xinetd.d/telnet
only_from = 172.24.0.6
Save and exit
By default, every node in the network can access the service through telnet.
- For a range of nodes
#vi /etc/xinetd.d/telnet
only_from = 172.24.0.{1,2,3,4}
- Deny a particular node
#vi /etc/xinetd.d/telnet
no_access = 172.24.0.6
Time setting
#vi /etc/xinetd.d/telnet
access_times = 04:15-04:30
By default we cannot log in over telnet with the username root; to allow it (telnet sends the password in cleartext, so this is only appropriate on a trusted lab network):
#vi /etc/securetty
Add two lines
pts/0
pts/1
Thanks,