Date: Sat, 16 Sep 2000 09:31:41 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: freebsd-security@freebsd.org Subject: Option 3 Message-ID: <200009161632.e8GGWGO42682@cwsys.cwsent.com>
next in thread | raw e-mail | index | archive | help
A blind carbon copy of this note has been sent to freebsd-arch for
those who have subscribed to freebsd-arch and are not subscribed to
freebsd-security.
Here is the script I eluded to in Option 3 in the freebsd-arch
discussion about Rsh/Rlogin/Rcmd & friends. I've used various forms of
this script for over 7 years on various UNIX platforms. Use it and
modify it as you see fit.
It uses Klaxon, a port monitor, to replace and monitor disabled
services. You can disable the service without the use of Klaxon.
Enclosed are two versions of the script, a civilized version and a
Draconian version.
Version 1:
#!/usr/bin/awk -f
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 ~ /sbin/ && $7 !~
/identd/ {print "#==# " $0;
print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $7
"\t" $8 " " $9}
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 !~ /sbin/ && $7
!~ /identd/ {print "#==# " $0;
print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $6
"\t" $8 " " $9}
$1 != "time" && $6 == "internal" {print "#==# " $0}
$1 == "time" {print $0}
$1 ~ /^#/ || $6 ~ /tcpd/ || $7 ~ /identd/ {print $0}
Version 2:
#!/usr/bin/awk -f
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && ( $6 ~ /ftpd/ || $6 ~
/telnetd/ || $6 ~ /rshd/ || $6 ~ /rlogind/ || $6 ~ /rexecd/ || $6 ~
/uucpd/ || $6 ~ /fingerd/ || $6 ~ /tftpd/ || $6 ~ /talkd/ || $6 ~
/rstatd/ || $6 ~ /rusersd/ || $6 ~ /walld/ || $6 ~ /bootps/ || $6 ~
/bootpd/ ) {print "#==# " $0;
print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/libexec/klaxon.i
dent\tklaxon " $1}
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 ~ /sbin/ {print
"#==# " $0;
print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $7
"\t" $8 " " $9}
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 !~ /sbin/ {print
"#==# " $0;
print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $6
"\t" $8 " " $9}
$1 !~ /^#/ && $6 == "internal" {print "#==# " $0;
print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/libexec/klaxon.i
dent\tklaxon " $1}
$1 ~ /^#/ || $6 ~ /tcpd/ {print $0}
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009161632.e8GGWGO42682>