Re: root telnet

[Afanassy Thompson <afanassy geckonet net>]

>>>>> "sb" == Steve Borho <steve borho myip org> writes:

sb> root telnet? ack ack ack ptuuui.

Those were my sentiments & were expressed.

sb> Commenting out the appropriate lines in those files will open up that
sb> gaping security hole for them.

This & other advice heeded. They asked if I could limit root telnet to 
one IP. 

I don't see any way to do that. I can allow root telnet, & limit
telnet access to specific IPs, leave it as is & subject them to the
burdensome tedium of having to su etc. (:) But to allow root telnet, from
one IP & wider telnet beyond eludes me.

(NOTE, my prefernce is not to allow it at all & for them to get-off
this old software & get with the program & start using SSH or
something, even put forward the idea of sudo.)

It's a real problem as box in question is visible to the world & could 
be exploited. They've been running HPUX & SCO for a long time &
adapting is eliciting some growing-pains. 

Any package like sentry w/logcheck et alis, would convince them in
short order that any visible box is being tried &
repeatedly. Ignorance is bliss I guess. (Till entire system is
compromised!) 
A
-- 
Jay M. Thompson    Systems Administrator:  GeckoNet.net 
Email: afanassy geckonet net        http://www.geckonet.net    
=============================================================================
PGP Public Key at http://www.geckonet.net