TELNET / TCP WRAPPERS IN SOLARIS
What we are going to learn:
· How to enable trace for Telnet
· How to find details of users logged in via telnet
· How to enable tracing of root users logged in via telnet
· What is TCP WRAPPERS
· How to enable TCP WRAPPERS
· How to enable TCP WRAPPERS for telnet
· How to control network access via TCP WRAPPERS
Telnet is a protocol for connecting to remote hosts.
It works on port 23.
telnetd is the daemon responsible for telnet.
root@sol-test-1:>/# svcs -a |grep -i telnet
online         16:24:14 svc:/network/telnet:default
root@sol-test-1:>/# which telnet
/usr/bin/telnet
root@sol-test-1:>/# pkginfo -x |grep -i telnet
SUNWtnetc Telnet Command (client)
SUNWtnetd Telnet Server Daemon (Usr)
SUNWtnetr Telnet Server Daemon (Root)
root@sol-test-1:>/# cat /etc/default/telnetd
root@sol-test-1:>/# ps -ef |grep -i telnet
root 3677 402 0 16:34:27 ? 0:00 /usr/sbin/in.telnetd
root 3769 3680 0 17:09:30 pts/2 0:00 grep -i telnet
root 3681 402 0 16:34:35 ? 0:00 /usr/sbin/in.telnetd
There is not much more to say about telnet itself: run telnet followed by the IP address or hostname and you are connected.
ENABLE TCP TRACE FOR TELNET
root@sol-test-1:>/# inetadm -p |grep -i tcp_trace
tcp_trace=FALSE
root@sol-test-1:>/# inetadm -M tcp_trace=TRUE
root@sol-test-1:>/# inetadm -p |grep -i tcp_trace
tcp_trace=TRUE
root@sol-test-1:>/# inetadm -m telnet tcp_trace=TRUE
root@sol-test-1:>/# inetadm -l telnet |grep -i tcp_trace
tcp_trace=TRUE
Now I logged in to sol-test-1 (192.168.234.133) via telnet from different systems. Let’s check the log:
root@sol-test-1:>/# tail -f /var/adm/messages
[……………………………]
Dec 27 18:08:40 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4033] from 192.168.234.134 32866
Dec 27 18:11:01 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4048] from 192.168.234.200 54689
Dec 27 18:13:49 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4062] from 192.168.234.200 54690
Dec 27 18:14:19 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4072] from 192.168.234.133 32958
This log only records each connection and its source IP. With the “who” command we can also get the details of the logged-in users:
root@sol-test-1:>/# who
root pts/2 Dec 27 16:34 (192.168.234.1)
root pts/3 Dec 27 16:34 (192.168.234.1)
root pts/4 Dec 27 18:08 (sol-tst-2)
root pts/5 Dec 27 18:13 (192.168.234.200)
anurag pts/6 Dec 27 18:14 (sol-test-1)
But this only shows current sessions. Once the users have logged out, how do we find them?
root@sol-test-1:>/# who
root pts/2 Dec 27 16:34 (192.168.234.1)
root pts/3 Dec 27 16:34 (192.168.234.1)
The “last” command gives us the details:
root@sol-test-1:>/# last |head
anurag pts/6 sol-test-1 Sat Dec 27 18:14 - 18:26 (00:12)
root pts/5 192.168.234.200 Sat Dec 27 18:13 - 18:26 (00:12)
anurag pts/5 192.168.234.200 Sat Dec 27 18:11 - 18:13 (00:02)
root pts/4 sol-tst-2 Sat Dec 27 18:08 - 18:26 (00:18)
anurag pts/4 sol-tst-2 Sat Dec 27 17:50 - 17:50 (00:00)
We can also get these details from /var/log/authlog, for root users only.
We already learned how to enable logging to /var/log/authlog in the post “SSH”.
TCP WRAPPERS
· It is a network access control technology.
· It works like a firewall that sits between inetd and the network services it manages.
· It monitors incoming requests and applies access control based on the client configuration.
· It secures and monitors incoming service requests such as FTP, rpc, rsh, rlogin, Telnet, exec, rcp, and many others.
We can enable TCP WRAPPERS for one inetd service or for all inetd services.
inetadm -M modifies the default properties inherited by all inetd services:
root@sol-test-1:>/# inetadm -M tcp_wrappers=TRUE
root@sol-test-1:>/# inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=FALSE
tcp_wrappers=TRUE
connection_backlog=10
To enable TCP Wrappers for only one service, let’s take telnet:
root@sol-test-1:>/# inetadm -m telnet tcp_wrappers=true
root@sol-test-1:>/# inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
tcp_wrappers=TRUE
default connection_backlog=10
Now we need to configure the following files to put TCP WRAPPERS into action:
/etc/hosts.allow
/etc/hosts.deny
root@sol-test-1:>/# vi /etc/hosts.allow
"/etc/hosts.allow" 2 lines, 49 characters
sshd : 192.168.234.134
in.telnetd : 192.168.234.200
root@sol-test-1:>/# vi /etc/hosts.deny
"/etc/hosts.deny" 2 lines, 25 characters
sshd : ALL
in.telnetd : ALL
Here I have allowed ssh only from 192.168.234.134, and telnet only from 192.168.234.200.
Let’s check it.
telnet from 192.168.234.134
root@sol-test-1:>/# telnet 192.168.234.133
Trying 192.168.234.133...
Connected to 192.168.234.133.
Escape character is '^]'.
Connection to 192.168.234.133 closed by foreign host.
ssh from 192.168.234.200
[root@rh-server /]# ssh 192.168.234.133
ssh_exchange_identification: Connection closed by remote host
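The two refusals above follow from the order in which TCP Wrappers reads the two files. The script below is an added example, not part of the original post and not the libwrap code: a simplified model of that order, run against the hosts.allow and hosts.deny shown above. The function names, the scratch directory and the in.ftpd probe are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified model of the TCP Wrappers decision order (added example, not libwrap).
# Handles only "daemon_list : client_list" rules with literal IPv4 addresses,
# host names and the ALL wildcard; patterns, netmasks and EXCEPT are not modelled.

# rule_matches FILE DAEMON CLIENT -> exit status 0 if some rule in FILE matches
rule_matches() {
    awk -F: -v d="$2" -v c="$3" '
        function in_list(list, want,    n, i, item) {
            n = split(list, item, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (item[i] == want || item[i] == "ALL") return 1
            return 0
        }
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        NF >= 2 && in_list($1, d) && in_list($2, c) { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# wrappers_decision ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints "allow" or "deny"
wrappers_decision() {
    if rule_matches "$1" "$3" "$4"; then
        echo allow          # 1. a match in hosts.allow grants access immediately
    elif rule_matches "$2" "$3" "$4"; then
        echo deny           # 2. otherwise a match in hosts.deny refuses it
    else
        echo allow          # 3. no match in either file: access is granted
    fi
}

# The two files exactly as configured on this page, written to a scratch directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'sshd : 192.168.234.134' 'in.telnetd : 192.168.234.200' > "$demo_dir/hosts.allow"
printf '%s\n' 'sshd : ALL' 'in.telnetd : ALL' > "$demo_dir/hosts.deny"

# in.ftpd is a constructed extra case: a wrapped daemon named in neither file.
for probe in 'in.telnetd 192.168.234.200' 'in.telnetd 192.168.234.134' \
             'sshd 192.168.234.134' 'sshd 192.168.234.200' 'in.ftpd 192.168.234.200'; do
    set -- $probe
    printf '%-10s from %-16s -> %s\n' "$1" "$2" \
        "$(wrappers_decision "$demo_dir/hosts.allow" "$demo_dir/hosts.deny" "$1" "$2")"
done
```

The in.ftpd probe is allowed because neither file names it. A hosts.deny containing ALL : ALL turns that third branch into a default deny for every wrapped service.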
We can also check the log in /var/adm/messages on sol-test-1 (192.168.234.133):
root@sol-test-1:>/# tail -f /var/adm/messages
Dec 27 17:43:32 sol-test-1 in.telnetd[3909]: [ID 808958 daemon.warning] refused connect from sol-test-1 (access denied)
Dec 27 17:46:49 sol-test-1 in.telnetd[3912]: [ID 808958 daemon.warning] refused connect from sol-test-1 (access denied)
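Both record types seen in /var/adm/messages on this page (the inetd tcp_trace notices and the TCP Wrappers refusals) can be summarised per source for review. The script below is an added example, not part of the original post; the function names are assumptions, and the sample records are copied from the log excerpts above.

```shell
#!/bin/sh
# Added example: per-source summary of the two /var/adm/messages record types
# shown on this page (inetd tcp_trace notices and TCP Wrappers refusals).

# summarize_wrappers_log FILE -> one "SOURCE traced=N refused=M" line per source
summarize_wrappers_log() {
    awk '
        # Return the word that follows "from" on the current record.
        function src_of(   i) {
            for (i = 1; i < NF; i++) if ($i == "from") return $(i + 1)
            return ""
        }
        # tcp_trace: "... inetd[PID]: [ID ...] SERVICE[PID] from ADDR PORT"
        / inetd\[[0-9]+\]: / && / from / { s = src_of(); seen[s] = 1; traced[s]++; next }
        # refusal:   "... DAEMON[PID]: [ID ...] refused connect from HOST (access denied)"
        /refused connect from /          { s = src_of(); seen[s] = 1; refused[s]++ }
        END {
            for (s in seen) printf "%s traced=%d refused=%d\n", s, traced[s], refused[s]
        }
    ' "$1" | LC_ALL=C sort
}

# refused_sources FILE -> sources with at least one refusal, one per line
refused_sources() {
    summarize_wrappers_log "$1" | awk '$3 != "refused=0" { print $1 }'
}

# Sample input: records copied from the log excerpts on this page.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
Dec 27 17:43:32 sol-test-1 in.telnetd[3909]: [ID 808958 daemon.warning] refused connect from sol-test-1 (access denied)
Dec 27 17:46:49 sol-test-1 in.telnetd[3912]: [ID 808958 daemon.warning] refused connect from sol-test-1 (access denied)
Dec 27 18:08:40 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4033] from 192.168.234.134 32866
Dec 27 18:11:01 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4048] from 192.168.234.200 54689
Dec 27 18:13:49 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4062] from 192.168.234.200 54690
Dec 27 18:14:19 sol-test-1 inetd[402]: [ID 317013 daemon.notice] telnet[4072] from 192.168.234.133 32958
EOF

summarize_wrappers_log "$sample_log"
```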