Date: Sun, 27 May 2001 08:37:54 -0400 From: Bill Vermillion <bill@wjv.com> To: Jorge Biquez <jbiquez@icsmx.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Advice on ISP services Please. Message-ID: <20010527083754.C89414@wjv.com> In-Reply-To: <5.0.2.1.2.20010526221708.02912720@icsmx.com>; from jbiquez@icsmx.com on Sat, May 26, 2001 at 10:45:40PM -0500 References: <b8.1630694f.2840057f@aol.com> <3B104586.A643F9A9@buckhorn.net> <005201c0e64d$0c068cc0$0bdea8c0@island.net.au> <000d01c0e65b$c78d1be0$83a3ded1@hei.net> <5.0.2.1.2.20010526221708.02912720@icsmx.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, May 26, 2001 at 10:45:40PM -0500, Jorge Biquez thus sprach: Others have answered you other questions. > - How to avoid users have access to telnet services. I've turned telnet off entirely on several machines I maintain. Only access is via 'ssh'. Do that in addition to using a non-existant shell. I like to use /usr/bin/false [habit from a long time ago]. /sbin/nologin is used but that gives you an 'account is currently not available message'. If you do run telnet you might think of putting -h after telentd in the inetd.conf file. This way you only find out what OS is running AFTER you complete the login. Giving as few hints as possible as to the OS and version is good practice IMO. Either of the above 'false' or 'nologin' do display the OS and version. Bill -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010527083754.C89414>