
AIX Telnetd Security Features 4


eunix

Technical User
Nov 17, 2002
5
US
I am trying to secure my AIX environment and I want to keep telnetd from announcing the node name when you connect. I am able to do this in HP but with AIX when you connect using telnet (and before you actually login) you get the following:

Telnet (nodename)


{Herald Message}
Login:
I know how to change the Herald message at the bottom but I can't seem to find out how to keep telnetd from announcing the node name at the top.

Thanks,

Eunix
 
Don't use telnet, use ssh to start with, then remove the banner (motd)
 
Thanks for the suggestion, but we are already using ssh.
But for those servers that are using telnetd I still need to remove the node/host name announcement.


Eunix
 
I am in the process of securing my AIX 4.3.3 and AIX 5.2 environment too. Is there a GOOD checklist with commands? For example, how to disable telnet/ftp and have SSH start up automatically.

Having directory permissions, such as root readonly on /etc/rc.* , stuff like that....

 
for Mag0007:

There is a redbook from IBM: Security Guide for AIX
I have used this guide to harden our internet server.
If you really want a good beginning, you should have TCB installed on your machines.
Securing your machine isn't really all about commands, it's about editing configuration files, so that certain daemons don't start anymore

e.g.: disable unnecessary entries in inittab, rc.tcpip, inetd

If you disable all the stuff you don't need in those files, and install the latest security fixes, you will have come quite far in securing your machine. Furthermore, a good password policy for your users.
TCB is also a useful tool in maintaining file permissions. Be sure to do some research on that too.
Be sure to set up auditing, then you can really see what's going on on your machine.
Hope this helps.

greetz,

R.
 
Great ideas; however, this thread is about removing the hostname/nodename announcement from telnetd in AIX.

Thanks
Eunix
 
You want to look at /etc/security/login.cfg. Here's the entry from my systems
Code:
        herald = "Authorised Personnel Only\n\nlogin:"

Columb Healy
 
Hi Guys,

Actually, the herald attribute is used by the login process (not the telnetd process which is actually responsible for displaying the line in question here).

You will need to edit and rebuild the telnetd message catalog to remove its ability to display the hostname.

Use something like the following process, as root.

Code:
dspcat -g /usr/lib/nls/msg/en_US/telnetd.cat >/tmp/telnetd.msg

# Now vi the /tmp/telnetd.msg file and edit the 8th line.
# telnet (%s)   to be something like   telnet (Secured)

gencat /tmp/telnetd.cat /tmp/telnetd.msg

cp /usr/lib/nls/msg/en_US/telnetd.cat /usr/lib/nls/msg/en_US/telnetd.cat.sav

cp -p /tmp/telnetd.cat /usr/lib/nls/msg/en_US

All future telnet attempts will no longer display the hostname. :)

All the Best.

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debugging Monday's code.
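
A scripted form of the catalog edit from the post above, as an added example that is not part of the thread: it matches the `telnet (%s)` text rather than relying on line 8, and stops before installing anything if the substitution did not happen. The catalog path and the `dspcat`/`gencat` steps are those in the post; the `BANNER` variable, the function names and the `--apply` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. CAT and the "telnet (%s)" text are
# from the post; BANNER, the function names and --apply are assumptions.
CAT=/usr/lib/nls/msg/en_US/telnetd.cat
BANNER=${BANNER:-Secured}

# Rewrite "telnet (%s)" in a dspcat -g source file ($1) into $2.
# Fails when the message is absent or a %s survives, so a catalog with a
# different layout is reported instead of being installed unchanged.
scrub_msg() {
    # BANNER is pasted into a sed expression: letters, digits, _ and - only.
    case $BANNER in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    grep '[Tt]elnet (%s)' "$1" >/dev/null || return 1
    sed "s/\([Tt]elnet\) (%s)/\1 ($BANNER)/" "$1" >"$2" || return 1
    ! grep '[Tt]elnet (%s)' "$2" >/dev/null
}

# The whole procedure; run as root on the AIX host.
rebuild_catalog() {
    work=/tmp/telnetd.$$
    (umask 077 && mkdir "$work") || return 1
    dspcat -g "$CAT" >"$work/telnetd.msg" || return 1
    scrub_msg "$work/telnetd.msg" "$work/telnetd.new.msg" || return 1
    # Build in an empty directory: gencat updates a catalog that exists.
    gencat "$work/telnetd.cat" "$work/telnetd.new.msg" || return 1
    # Keep the first backup; a second run must not overwrite it.
    [ -f "$CAT.sav" ] || cp -p "$CAT" "$CAT.sav" || return 1
    # Plain cp keeps the owner and mode of the installed catalog.
    cp "$work/telnetd.cat" "$CAT" && rm -rf "$work"
}

# Act only on request, so the functions can be sourced and tested.
if [ "${1:-}" = "--apply" ]; then
    rebuild_catalog
fi
```

Run it as `sh script.sh --apply`; the original catalog remains available as `telnetd.cat.sav` for rollback.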
 
Thanks!

I appreciate this answer! [thumbsup]
 
Great lesson about manipulating the message databases, d3vzeron, thanks!
 