Tech or Treat! Write an article about your scariest tech disaster to win gadgets!Learn more

x
?
Solved

Prevent Remote reboot Solaris 2.5

Posted on 1997-12-31
6
Medium Priority
?
439 Views
Last Modified: 2013-12-16
Is there a way to prevent remote reboot, init 0, or shutdown? Other than disabling the aforementioned commands.
Help???
0
Comment
Question by:maudib031397
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Author Comment

by:maudib031397
ID: 1812829
Edited text of question
0
 
LVL 12

Expert Comment

by:Otta
ID: 1812830
Rather than "disabling" the commands,
just rename them, to "hide" them.
Then, write a shell-script to
determine whether the user is "local" or "remote", and then to either REFUSE to execute the command, or to execute the renamed version of the command.

P.S. Why do you want to do this?
Do you like driving through snow-storms
in order to reboot a machine, rather than
using a remote login to do the same thing?
0
 
LVL 12

Expert Comment

by:Otta
ID: 1812831
Oops. Click on 'comment' instead of 'answer'.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 5

Expert Comment

by:n0thing
ID: 1812832
No, if you don't want users to do a reboot on your machine
don't give them the root passwd. It doesn't help to rename or
hide it, so many commands to rename "reboot", "shutdown",
"init" ... if you rename them. You'll have lots of trouble
with "init" when the system reboot. Besides, anyone with root
could reboot your system easily without having access to those
commands by making a kernel panic ... or just copy the binaries
from another system. Don't give root if you don't want your system to reboot, and besides you cannot disabling ANYTHING from
root.

Regards,
Minh Lai
0
 

Expert Comment

by:psundstr
ID: 1812833
It depends what your concept of "remote" is.  Do you mean you only want to be able to shutdown the machine by logging on the console?  If so, you can restrict root login to the console, although that doesn't stop someone logging in as themselves and using su to gain root access (providing they have the root password of course).
0
 
LVL 1

Accepted Solution

by:
malec earned 400 total points
ID: 1812834
Put this into your /etc/cshrc:

if ($?REMOTEHOST) then
    echo ">>>  $REMOTEHOST : $USER"
    if (($REMOTEHOST == "host-you-allow-access") && ($USER == "account-you-allow-access")) then
       exit
    else
       /usr/sbin/playaiff /disk2/sounds/scream.wav
       echo "Whoa there, $REMOTEHOST. Stay away\!"
       echo "This break-in attempt is being logged complete with ethernet mask and IP of the intruder"
       echo "`date` : Attempt to log into Iona3 from $REMOTEHOST as $USER \n" >> /disk2/Standards/breakin.attempt
       /usr/bin/mail e@fa.com dio@sympatico.ca < /disk2/Standards/breakin.attempt
       logout > null
       exit
    endif
endif

What it does:

      1. Check if you are remote user.
      2. If you are, checks if you come from authorized machine and as authorized user.
      3. If yes - lets you in. If not, warns you, plays sound on your machine, logs IP address of the culprit and time of the attempt and e-mails this file to you and/or somebody else.

You still can rlogin to your own machine if you need to, but you have to come from certain machine as certain user.

Nice and short. Works with telnet too. I use it on my baby.

Have fun.

0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

647 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question