This is what I have done for disabling FTP and Telnet sessions.
Request you to correct me if I'm wrong.
Enable FTP Service:
To check FTP is running or not:
This can be done by logging into the server or any other machine connected to the server. All you need to do is type a command called:
ftp
Example:
If 10.180.18.222 is my server's IP address:
Code:
# ftp 10.180.18.222
ftp: connect: Connection refused
ftp>
Above output shows that ftp is not enabled on my server.
To enable ftp you need to edit the gssftp file under the /etc/xinetd.d directory.
You should modify the disable parameter to no.
Code:
# cat gssftp
# default: off
# description: The kerberized FTP server accepts FTP connections \
# that can be authenticated with Kerberos 5.
service ftp
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/ftpd
        server_args     = -l -a
        log_on_failure  += USERID
        disable         = no
}
Once you have modified the file you should restart xinetd:
Code:
# /etc/rc.d/init.d/xinetd restart
To check if FTP is running or not:
Code:
# ftp 10.180.18.222
Connected to 10.180.18.222.
220 TomcatServer FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Unspecified GSS failure. Minor code may provide more information
GSSAPI error minor: No credentials cache found
GSSAPI error: initializing context
GSSAPI authentication failed
334 Using authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (10.180.18.222:root):
The above output shows that you are now able to use ftp.
Disable Telnet:
Telnet is a service with which we can remotely communicate with a server. However, ssh is a more secure alternative to it. Therefore we should disable this service by default.
Here is what you need to do if you are using Red Hat/CentOS 4, 5.
This service is usually named krb5-telnet.
You just need to edit the file /etc/xinetd.d/krb5-telnet.
Following is the content of the file where telnet is disabled.
Code:
# cat /etc/xinetd.d/krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
# but can also use Kerberos 5 authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/telnetd
        log_on_failure  += USERID
        disable         = yes
}
Just restart the xinetd service.
Code:
# /etc/rc.d/init.d/xinetd restart
Telnet should be disabled now.
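
An added example, not part of the original post: a shell check that reads xinetd.d-style files like the two shown above and reports whether ftp or telnet is still enabled. The function names and the sample files are constructed for illustration; it assumes a service block with no disable line counts as enabled, and it does not look at global settings in xinetd.conf.

```shell
#!/bin/sh
# Added example (not from the original post): audit xinetd.d-style files.
# Assumption: a service block without a "disable" line is treated as enabled.

xinetd_state() {
    # Usage: xinetd_state FILE...   prints "<service> <enabled|disabled>"
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        $1 == "service" { name = $2; state = "enabled"; next }
        name != "" && /^[ \t]*disable[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)            # drop "disable ="
            sub(/[ \t]+$/, "", val)                  # drop trailing blanks
            state = (tolower(val) == "yes") ? "disabled" : "enabled"
            next
        }
        name != "" && $1 == "}" { print name, state; name = "" }
    ' "$@"
}

audit_cleartext() {
    # Usage: audit_cleartext DIR SERVICE...
    # Returns 1 if any named service is enabled in DIR, 0 otherwise.
    dir=$1; shift
    rc=0
    for svc in "$@"; do
        if xinetd_state "$dir"/* | grep -qxF "$svc enabled"; then
            echo "WARN: $svc is enabled under $dir"
            rc=1
        fi
    done
    return $rc
}

make_sample() {
    # Constructed sample files, shaped like the two configs in the post.
    printf 'service ftp\n{\n\tuser = root\n\tdisable = no\n}\n' > "$1/gssftp"
    printf '# default: off\nservice telnet\n{\n\tdisable = yes\n}\n' \
        > "$1/krb5-telnet"
}

# Demo on the constructed samples; on a real host pass /etc/xinetd.d instead.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_cleartext "$demo_dir" telnet ftp || true
rm -rf "$demo_dir"
```

On the sample files this prints a warning for ftp only, since the telnet block carries disable = yes.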