By: Ramdev
October 18, 2011
For security purposes, administrators may wish to disable telnet (incoming connections) on a Solaris 10 system.
To disable telnet on a Solaris 10 system:
# svcadm disable telnet
To re-enable telnet on a Solaris 10 system:
# svcadm -v enable -r telnet
Steps to Follow
The following example shows telnet functioning, being disabled, and then being re-enabled on a Solaris 10 system. If the system in question does not have console or terminal server access, another remote connection (e.g. rsh/rlogin/ssh) may be required to make the change. Using telnet to connect while attempting to disable telnet will disconnect the session.
1. rsh into the S10 system and check the current telnet service status:
# svcs -a | grep telnet
online Dec_01 svc:/network/telnet:default
# svcs -l svc:/network/telnet:default
fmri svc:/network/telnet:default
name Telnet server
enabled true
state online
next_state none
state_time Thu 01 Dec 2005 08:39:08 AM EST
restarter svc:/network/inetd:default
contract_id 110
# svcs -xv svc:/network/telnet:default
svc:/network/telnet:default (Telnet server)
State: online since Thu 01 Dec 2005 08:39:08 AM EST
See: man -M /usr/share/man -s 1M in.telnetd
See: man -M /usr/share/man -s 1M telnetd
Impact: None.
2. Disable telnet with the 'svcadm disable' command, then recheck the telnet service status:
# svcadm disable telnet
# svcs -a | grep telnet
disabled 21:27:34 svc:/network/telnet:default
# svcs -l svc:/network/telnet:default
fmri svc:/network/telnet:default
name Telnet server
enabled false
state disabled
next_state none
state_time Sat 10 Dec 2005 09:27:34 PM EST
restarter svc:/network/inetd:default
contract_id
# svcs -xv svc:/network/telnet:default
svc:/network/telnet:default (Telnet server)
State: disabled since Sat 10 Dec 2005 09:27:34 PM EST
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M in.telnetd
See: man -M /usr/share/man -s 1M telnetd
Impact: This service is not running.
NOTE: At this point telnet is disabled. No reboot is required for the change to take effect.
3. From a remote system, try to telnet to the S10 system on which telnet was just disabled:
% telnet netlab46
Trying 129.148.12.46…
telnet: Unable to connect to remote host: Connection refused
4. rsh back into the S10 system to re-enable telnet:
# svcadm -v enable -r telnet
svc:/network/telnet:default enabled.
svc:/network/inetd:default enabled.
svc:/network/loopback enabled.
svc:/system/filesystem/local enabled.
svc:/milestone/single-user enabled.
svc:/system/identity:node enabled.
svc:/system/filesystem/minimal enabled.
svc:/system/filesystem/usr enabled.
svc:/system/filesystem/root enabled.
svc:/system/device/local enabled.
svc:/milestone/devices enabled.
svc:/system/manifest-import enabled.
svc:/milestone/sysconfig enabled.
svc:/milestone/name-services enabled.
5. From the same remote system, try to telnet to the S10 system on which telnet was just re-enabled:
% telnet netlab46
Trying 129.148.12.46…
Connected to netlab46.
Escape character is '^]'.
login: root
Password:
Last login: Sat Dec 10 21:26:42 from 129.148.192.154
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
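The status check from steps 1 and 2 can be scripted for a hardening audit. The following is an added example, not part of the original post: the function name check_svcs_disabled and its exit codes are assumptions, and the sample input is constructed from the svcs -l listings shown above.

```shell
#!/bin/sh
# Added example, not from the original post: audit the telnet SMF state.
# Reads `svcs -l <fmri>` text on stdin and prints a verdict.
# Returns 0 = service is off, 1 = service is on, 2 = output not parseable.
check_svcs_disabled() {
    awk '
        $1 == "fmri"       { fmri = $2 }
        $1 == "enabled"    { enabled = $2 }
        $1 == "state"      { state = $2 }
        $1 == "next_state" { next_state = $2 }
        END {
            if (enabled == "" || state == "") {
                print "UNKNOWN: no enabled/state fields found"
                exit 2
            }
            # Pass only when the service is configured off, is actually
            # stopped, and has no pending state transition.
            if (enabled == "false" && state == "disabled" && next_state == "none") {
                print "PASS: " fmri " is disabled"
                exit 0
            }
            print "FAIL: " fmri " enabled=" enabled " state=" state
            exit 1
        }'
}

# Constructed sample input, copied from the svcs -l listings in steps 1 and 2.
sample_online() {
    cat <<'EOF'
fmri         svc:/network/telnet:default
name         Telnet server
enabled      true
state        online
next_state   none
restarter    svc:/network/inetd:default
contract_id  110
EOF
}
sample_disabled() {
    sample_online | sed -e 's/true$/false/' -e 's/online$/disabled/' -e 's/ *110$//'
}

# On the Solaris host itself (assumed usage):
#   svcs -l svc:/network/telnet:default | check_svcs_disabled
sample_online   | check_svcs_disabled || true   # FAIL line
sample_disabled | check_svcs_disabled           # PASS line
```

The non-zero exit code on FAIL lets a cron job or configuration-management run flag hosts where telnet has been turned back on.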