[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Dial-in mgetty line security

I have recently installed a Linux machine at a remote customer
site to serve as a masquerading firewall/router and various other
things such as SMTP/POP3 spool, DNS cache, etc. I installed two
modems, one for dial-out only to the local ISP and the other which
has a simple mgetty listening on it for remote admin. Since I may 
need to dial in to this machine at unpredictable hours and from
unknown places, I can't really use callback verification or time
limitations to restrict dial-in access. What I have done is create
an /etc/mgetty/login.config file with only the following two lines:

adminname   -   -   /bin/login @
*           -   -   /bin/false

I have set a long and (hopefully) secure password on the 
'adminname' account.

My questions are:

<> Is this adequate to protect from random dialers who might 
stumble on the modem tone and try logging in to this machine?

<> Are there any other routine actions like this I should take
to protect modem lines like this used only for occasional remote

Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com

Reply to: