Vincent Archer <varcher@denyall.com> wrote on 02/12/2007 04:51:07 AM:
I don't speak for Sun, but here are some hints that might help.
OS packaging person here (the guy who defines the exact stripped version
we install on customer appliance) did test with root, and it worked. I
suspect it is dependent on whether root is enabled as allowed as a
remote
login or not (a setting I dimly remember being available on solaris 10
years ago, I think).
For root login; there is a setting in /etc/default/login. If CONSOLE is
set, then root can only login
on that device i.e. "CONSOLE=/dev/ttya" means "root" can only login on
ttya device. Any other user via
telnet/ssh/whatever has to login as themselves and "su" to root.
This doesn't prevent telnet -l "-fbin", or -flp; for those accounts best
bet is to change /etc/passwd for the shell of system-account users to
/sbin/noshell or /bin/false (noshell just logs the entry and exists)
Of course disabling in.telnetd in /etc/inetd.conf (and doing a pkill -HUP
inetd) if possible is a safe bet,
but some sites are forced to use telnetd.
Brad Powell
Sr. Security Manager
Information Security and Risk Management.
Global Information Services.
Applied Materials Inc.
Office 408- 563-1350
The content of this message is Applied Materials Confidential. If you are
not the intended recipient and have received this message in error, any
use or distribution is prohibited. Please notify me immediately by reply
e-mail and delete this message from your computer system. Thank you.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
