security utilities for QNX?

Hello,

I would like to harden my QNX nodes somewhat. Looking in the contributed
software section on QNX website I couldn’t find anything useful.
Has someone made the effort to port some utilities like ssh (OpenSSH),
tcp-wrapper or tripwire? If so, could you give me a shout?

One other thing, is it possible to allow root only to login from the
console?

Thank you all

Dorothea

You could set /etc/profile to log out any undesired user/terminal
combinations.

Dorothea Mücke-Herzberg wrote:

> Hello,
>
> I would like to harden my QNX nodes somewhat. Looking in the contributed
> software section on QNX website I couldn’t find anything useful.
> Has someone made the effort to port some utilities like ssh (OpenSSH),

Jean-Claude Michot has ported ssh (http://w3.teaser.fr/~jcmichot/).
You can get the binary off his website. To compile, you need
his customized gcc.

> tcp-wrapper or tripwire? If so, could you give me a shout?

I compiled tcp-wrappers with no problems.

You could try removing all entries (except root) out of /etc/passwd
& /etc/shadow.
Make a copy of these files before playing with them. Been there –
wrecked that :wink:
STAY LOGGED IN when testing changes; open another console and try
logging in from there.
If you have troubles, restore original files on console initially
logged in as root.

Also /etc/ftpusers lists users disallowed to ftp login.

I’m not sure if there is one for telnet.

Vince

Norton Allen wrote:

> Dorothea Mücke-Herzberg wrote:
>
> > Hello,
> >
> > I would like to harden my QNX nodes somewhat. Looking in the contributed
> > software section on QNX website I couldn’t find anything useful.
> > Has someone made the effort to port some utilities like ssh (OpenSSH),
>
> Jean-Claude Michot has ported ssh (http://w3.teaser.fr/~jcmichot/)
> You can get the binary off his website. To compile, you need
> his customized gcc.

Thank you, I just downloaded it.

> > tcp-wrapper or tripwire? If so, could you give me a shout?
>
> I compiled tcp-wrappers with no problems.

What system type did you use for the make?

Cheers,

Dorothea

In article <04E02AB064E0D211B24E0008C79F6A0EA45BF7@mail.ngat.com>,
Dorothea Mücke-Herzberg <dmh@ngat.com> writes:

> Norton Allen wrote:
>
> > Jean-Claude Michot has ported ssh (http://w3.teaser.fr/~jcmichot/)
> > You can get the binary off his website. To compile, you need
> > his customized gcc.
>
> Thank you, I just downloaded it.
>
> Cheers,
> Dorothea

I’ve got a one-release-later version of SSH ported to QNX 4.2[45] using
Watcom C 10.6 if you don’t want to muck about with installing another C
development environment (kudos to JCM for his work, which I incorporated).

ftp://www.visi.com/users/hawkeyd/qnx/ssh-1.2.27-to-qnx.txt explains the
gory details, and has the necessary patches.

After getting SSH up and running, you can disable most all the common
U**X access methods from /etc/inetd.conf, and send inetd a SIGHUP.

I might also suggest making just one node accessible to the outside world,
and setting it up so as to think it’s the only node on the QNX network
(i.e., “Net -n 1 &” and rem out “netmap -f” in /etc/config/sysinit.N). In
this way, you access that node from the outside world with ssh and/or scp,
and the rest of the QNX network from that box with ftp, telnet, etc…

Hope this helps,
Dave


D. J. HAWKEY JR.
hawkeyd@visi.com
http://www.visi.com/~hawkeyd/
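
An added example, not part of any post in this thread: a small POSIX sh check for the /etc/inetd.conf step described above. It lists the cleartext services that are still enabled and writes a copy of the file with those entries commented out. The service list, the function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed list of cleartext services to retire once ssh works; adjust per site.
CLEARTEXT="telnet ftp login shell exec tftp"

# list_enabled FILE: print the service name of every enabled (uncommented)
# inetd.conf entry that is on the cleartext list.
list_enabled() {
    awk -v list="$CLEARTEXT" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        ($1 in bad) { print $1 }
    ' "$1"
}

# disable_cleartext FILE: copy FILE to stdout with those entries commented out.
disable_cleartext() {
    awk -v list="$CLEARTEXT" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF > 0 && ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample input, not taken from a real QNX node.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp nowait root /usr/ucb/ftpd     in.ftpd
telnet  stream tcp nowait root /usr/ucb/telnetd  in.telnetd
#shell  stream tcp nowait root /usr/ucb/rshd     in.rshd
login   stream tcp nowait root /usr/ucb/rlogind  in.rlogind
daytime stream tcp nowait root internal
EOF
}

tmp=${TMPDIR:-/tmp}/inetd.sample.$$
write_sample "$tmp"
echo "enabled cleartext services:"
list_enabled "$tmp"
disable_cleartext "$tmp" > "$tmp.new"   # review the copy before installing it
rm -f "$tmp" "$tmp.new"
```

Run it against a copy of the real file, compare the output with the original, and only then install it and send inetd the SIGHUP.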