Re: Dial-in mgetty line security
At 05:47 PM 11/14/99 -0800, Michael W. Shaffer wrote:
><> Is this adequate to protect from random dialers who might
>stumble on the modem tone and try logging in to this machine?
I think war dialers are a thing of the past really.
><> Are there any other routine actions like this I should take
>to protect modem lines like this used only for occasional remote
>admin?
Set adminname to a random sequence so it will be extremely hard to guess.
Enable failed login tracking. Set LOG_UNKFAIL_ENAB, FAILLOG_ENAB, and
FTMP_FILE to yes. All in /etc/login.defs. You could make a script to email
you if there are any failed login attempts. That way you would be alerted to
a potential attack. Also you can use non-standard terminal settings so
anyone trying to connect who isn't in-the-know will fail. e.g. 7-E-1,
8-N-0, etc.
At 02:48 PM 11/15/99 +1100, Roland Gerlach wrote:
>Are you aware that entering adminname and any password will cause
>login to re-prompt for the username which will defeat your mgetty
>/bin/false security mechanism?
You can set the number of login retries to 0. In /etc/login.defs.
--
__ _____ ____ ____ ____ _____ _ _ ___ ____
| | | \ | \ | \ / | \\ / / \ | \
| | |___/ |__ |___/ | \_/ | | |___/
| | | \ | | \ | | | | | \
|___/__|__ |____/ |___/ | \ | | \___/ | \
_____ ____ __ _____ _ _ _
| \ | \ /\ / | \ / \ |
| | |__ /__\ | |____| |
| | | / \ | | | |
|____/ |___/ \ / | \ / o
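
An added example, not part of the original message: a shell check that a login.defs file carries the settings the reply names. It assumes LOGIN_RETRIES is the key meant by "number of login retries", accepts any non-empty FTMP_FILE value (in the shadow suite that key names the failed-login log file), and runs against a constructed sample file.

```shell
#!/bin/sh
# Added example: audit a login.defs file for the settings named in the reply.

# Print KEY's value from FILE. Comments (# to end of line) are dropped;
# if KEY is repeated, the last occurrence is reported (assumption).
defs_get() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        $1 == key { val = $2 }
        END { print val }
    ' "$1"
}

# Return 0 only if every setting matches the reply's advice.
audit_login_defs() {
    file=$1
    rc=0
    for key in LOG_UNKFAIL_ENAB FAILLOG_ENAB; do
        val=$(defs_get "$file" "$key")
        if [ "$val" = "yes" ]; then
            echo "ok    $key yes"
        else
            echo "WARN  $key is '${val:-unset}', expected yes"
            rc=1
        fi
    done
    # FTMP_FILE: accept any non-empty value (assumption: a log path).
    val=$(defs_get "$file" FTMP_FILE)
    if [ -n "$val" ]; then echo "ok    FTMP_FILE $val"
    else echo "WARN  FTMP_FILE is unset"; rc=1; fi
    # LOGIN_RETRIES: assumed key for "number of login retries"; the reply says 0.
    val=$(defs_get "$file" LOGIN_RETRIES)
    if [ "$val" = "0" ]; then echo "ok    LOGIN_RETRIES 0"
    else echo "WARN  LOGIN_RETRIES is '${val:-unset}', expected 0"; rc=1; fi
    return "$rc"
}

# Constructed sample file, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LOG_UNKFAIL_ENAB   yes
#FAILLOG_ENAB      yes      (commented out, so it counts as unset)
FTMP_FILE          /var/log/btmp
LOGIN_RETRIES      3
EOF
audit_login_defs "$sample" || echo "login.defs does not match the advice above"
rm -f "$sample"
```

On a real host, point `audit_login_defs` at /etc/login.defs, for example from cron, and mail the output when it returns non-zero.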