马哥linux运维学习笔记-tcp_wrapper&xinetd2
发布时间:2019-03-10 12:27:46 编辑:雪饮
禁用telnet服务(telnet 以明文传输用户名和密码,不需要时应当禁用,远程管理改用 SSH)
方法1:将 /etc/xinetd.d/telnet 中的 disable 设为 yes,然后重启 xinetd
[root@mail ~]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
[root@mail ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
方法2:使用 chkconfig(对 xinetd 托管的服务,它会把对应配置文件中的 disable 改为 yes,并让 xinetd 重新加载配置)
[root@mail ~]# chkconfig telnet off
配置telnet的日志服务(用 log_type = FILE 把该服务的日志单独写入 /var/log/telnet.log)
[root@mail ~]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_type = FILE /var/log/telnet.log
log_on_failure += USERID
}
[root@mail ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
然后用客户端连接后,就可以在日志中看到连接记录(START 行包含服务名、进程号和来源 IP)
[root@mail ~]# cat /var/log/telnet.log
19/3/9@20:25:32: START: telnet pid=4315 from=192.168.1.4
访问控制
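ip网段限制:only_from 只允许 192.168.1.0/24 网段访问,no_access 再单独拒绝 192.168.1.4;两者同时匹配时,xinetd 以匹配更精确的那一条为准。修改后同样需要执行 service xinetd restart 才会生效。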
[root@mail ~]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
only_from = 192.168.1.0/24
no_access = 192.168.1.4
log_type = FILE /var/log/telnet.log
log_on_failure += USERID
}
访问时间限制:access_times 的格式为 时:分-时:分(24 小时制,以服务器本地时间为准),这里只在 10:00-14:00 之间接受新连接
[root@mail ~]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
access_times = 10:00-14:00
log_type = FILE /var/log/telnet.log
log_on_failure += USERID
}
[root@mail ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
同一ip同时访问数量限制:per_source = 1 表示每个来源 IP 同时只能有一个连接;它不限制服务的总连接数,总数可用 instances 限制
[root@mail ~]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
per_source = 1
log_type = FILE /var/log/telnet.log
log_on_failure += USERID
}
[root@mail ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
绑定服务网卡:bind 指定服务只在该 IP 地址(即对应的网卡)上监听,发往本机其他地址的连接不会到达此服务
[root@mail ~]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
bind = 192.168.128.130
log_type = FILE /var/log/telnet.log
log_on_failure += USERID
}
[root@mail ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
设定telnet的横幅banner信息:banner 指定的文件内容会在连接建立时发送给客户端
[root@mail ~]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
banner = /etc/telnet.banner
log_type = FILE /var/log/telnet.log
log_on_failure += USERID
}
[root@mail ~]# cat /etc/telnet.banner
Welcome to our telnet server.....
[root@mail ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
然后客户端连接上,先显示横幅,随后是 telnetd 输出的系统信息和登录提示。注意其中的发行版和内核版本在登录前就会展示给任何能连接的人,可通过精简 /etc/issue.net 去掉这些信息。
Welcome to our telnet server.....
Red Hat Enterprise Linux Server release 5.8 (Tikanga)
Kernel 2.6.28.10-l7 on an i686
login:
关键字词:linux,tcp_wrapper,xinetd