Section 16.9 Paging telnet and rsh Usage

The following addition to your script pages you whenever someone initiates a telnet session, whether or not the login succeeds. You do not get paged on telnet sessions from cia.com or cavu.com because you trust these systems. Note that this only handles telnet connections that are allowed by TCP Wrappers. The use of TCP Wrappers, a wonderful tool for keeping out crackers, is covered later in this chapter and in "TCP Wrappers" on page 555.

    # $y is the originating host: the last word of the log line, with any user@ prefix removed
    set y=`echo "$x" | sed -e 's/.* //' -e 's/.*@//'`
    echo "$x" | grep -q 'telnetd\[.*: connect from '
    if ( $status == 0 ) then
      if ( "$y" == "cia.com" ) goto pasttelnet
      if ( "$y" == "cavu.com" ) goto pasttelnet
      echo "$x" \
      | sed -e "s/^... .. ..:..:.. \([^ ]*\).*: /telnet:\1:/" \
      | Mail 1234567@skytel.com bob@homesys.com bob@pentacorp.com
    endif
    pasttelnet:

This next example will generate a page when there is an attempt to telnet when it is disallowed by TCP Wrappers. This would be considered a cracking attempt that has been thwarted!

    # One sed expression: splitting it into two quoted words would make sed treat the
    # second word as a file name
    echo "$x" | grep -q 'telnetd\[.*: refused connect from '
    if ( $status == 0 ) then
      echo "$x" \
      | sed -e "s/^... .. ..:..:.. \([^ ]*\).*: refused connect from /telnet:\1:REFUSED /" \
      | Mail 1234567@skytel.com bob@homesys.com bob@pentacorp.com
    endif

The rsh program is quite popular because it allows you to issue a command to a remote system easily. It is a security hole too: if someone cracks joe@cia.com, and joe@cia.com has permission to issue rsh commands to the joe account on nsa.com (by listing cia.com in ~joe/.rhosts on nsa.com), they "own" joe@nsa.com too.

The ssh command is much preferred because it is secure. As an alternative (but not as secure), you can use TCP Wrappers to limit which systems can use rsh to issue commands on your system. In any case, if you allow rsh you will want to be paged (or receive e-mail) when it is used with the following addition to your script.

    echo "$x" | grep -q 'rshd\[.*: .*cmd='
    if ( $status == 0 ) then
      # keep everything after "rshd[pid]: " and prefix it with the local host name
      echo "$x" \
      | sed -e "s/^... .. ..:..:.. \([^ ]*\)[^:]*: /rsh:\1:/" \
      | Mail 1234567@skytel.com bob@homesys.com bob@pentacorp.com
    endif

The e-mail or page you will receive will look like the following:

    rsh:cavu:root@cracker.com as root: cmd='chown root /bin/csh; chmod 4777 /bin/csh'
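The three fragments in this section (telnet allowed, telnet refused, rsh used) combined into one bash function so the grep and sed filters can be tried on constructed syslog lines before they are wired into a real log watcher. This is an added example, not the book's own code; the sample log lines, the host cavu and the names evil.example and cracker.com are constructed for the demonstration.

```bash
# Added example, not from the book: bash version of the section's three
# csh fragments, returning the page text instead of mailing it.

# Systems whose telnet logins should not trigger a page (per the text).
TRUSTED_HOSTS="cia.com cavu.com"

# Print the page text the book's fragments would mail for one syslog
# line, or print nothing if the line is not interesting.
page_text() {
    local x="$1" y t
    if printf '%s\n' "$x" | grep -q 'telnetd\[.*: refused connect from '; then
        # Telnet attempt blocked by TCP Wrappers (the "thwarted" case).
        printf '%s\n' "$x" \
          | sed -e 's/^... .. ..:..:.. \([^ ]*\).*: refused connect from /telnet:\1:REFUSED /'
        return 0
    fi
    if printf '%s\n' "$x" | grep -q 'telnetd\[.*: connect from '; then
        # Originating host: last word of the line, any user@ prefix dropped.
        y=$(printf '%s\n' "$x" | sed -e 's/.* //' -e 's/.*@//')
        for t in $TRUSTED_HOSTS; do
            if [ "$y" = "$t" ]; then return 0; fi
        done
        printf '%s\n' "$x" \
          | sed -e 's/^... .. ..:..:.. \([^ ]*\).*: /telnet:\1:/'
        return 0
    fi
    if printf '%s\n' "$x" | grep -q 'rshd\[.*: .*cmd='; then
        # rsh use: keep everything after "rshd[pid]: ", tagged with the host.
        printf '%s\n' "$x" \
          | sed -e 's/^... .. ..:..:.. \([^ ]*\)[^:]*: /rsh:\1:/'
    fi
    return 0
}

# Constructed sample lines (not real log data), laid out the way the
# sed patterns above expect: "Mon dd hh:mm:ss host daemon[pid]: ...".
SAMPLE_REFUSED='Jun  5 14:02:11 cavu telnetd[1235]: refused connect from evil.example'
SAMPLE_TRUSTED='Jun  5 14:03:00 cavu telnetd[1236]: connect from joe@cia.com'
SAMPLE_TELNET='Jun  5 14:04:30 cavu telnetd[1237]: connect from bob@evil.example'
SAMPLE_RSH="Jun  5 14:05:45 cavu rshd[1234]: root@cracker.com as root: cmd='chown root /bin/csh; chmod 4777 /bin/csh'"
SAMPLE_OTHER='Jun  5 14:06:00 cavu sshd[1238]: Accepted publickey for bob'

# Run every sample through the filter; only the lines that would page are printed.
demo() {
    for line in "$SAMPLE_REFUSED" "$SAMPLE_TRUSTED" "$SAMPLE_TELNET" "$SAMPLE_RSH" "$SAMPLE_OTHER"; do
        page_text "$line"
    done
}
demo
```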

    Real World Linux Security, Prentice Hall PTR Open Source Technology Series
    Year: 2002