10.16.03

By Daniel J. Barrett, Richard Silverman, Robert G. Byrnes
Problem
You want a service to be available only at certain times
of day.
Solution
For xinetd, use its access_times attribute. For example, to make telnetd
accessible from 8:00 a.m. until 5:00 p.m. (17:00) each day:
/etc/xinetd.conf or /etc/xinetd.d/telnet:

    service telnet
    {
        ...
        access_times = 8:00-17:00
    }

For inetd, we'll implement this manually
using the m4 macro processor and cron. First, invent some strings
to represent times of day, such as "working" to mean 8:00 a.m. and
"playing" to mean 5:00 p.m. Then create a script (say, inetd-services)
that uses m4 to select lines in a template file, creates the inetd
configuration file, and signals inetd to reread it:
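/usr/local/sbin/inetd-services:

    #!/bin/sh
    # Build the new configuration from the template; "$@" carries -DTIMEOFDAY=...
    # If m4 fails, discard its output and leave the live file alone.
    m4 "$@" /etc/inetd.conf.m4 > /etc/inetd.conf.$$ || { rm -f /etc/inetd.conf.$$; exit 1; }
    mv /etc/inetd.conf.$$ /etc/inetd.conf || exit 1
    # Tell inetd to reread its configuration
    kill -HUP `pidof inetd`
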
Copy the original /etc/inetd.conf file to the template file,
/etc/inetd.conf.m4. Edit the template to enable services conditionally
according to the value of a parameter, say, TIMEOFDAY.
For example, the telnet service line that originally looks like this:

    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

might now look like:

    ifelse(TIMEOFDAY,working,telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd)

which means "if TIMEOFDAY is working, include the telnet line, otherwise
don't." Finally, set up crontab entries to enable or disable
services at specific times of day, by setting the TIMEOFDAY
parameter:

    0 8 * * * /usr/local/sbin/inetd-services -DTIMEOFDAY=working
    0 17 * * * /usr/local/sbin/inetd-services -DTIMEOFDAY=playing

Discussion
For xinetd, we can easily control each service using the access_times
parameter. Times are specified on a 24-hour clock.
For inetd, we need to work a bit harder, rebuilding the configuration
file at different times of day to enable and disable services. The
recipe can be readily extended with additional parameters and values,
as we do with TIMEOFDAY. Notice that the xinetd solution
uses time ranges, while the inetd solution uses time instants (i.e.,
the minute that cron triggers inetd-services).
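
Because the inetd recipe acts only at the instants cron fires, a missed run or a reboot can leave the wrong services enabled. The added example below (not from the book) derives TIMEOFDAY from the clock instead, so one command gives the right state whenever it runs. The function names timeofday_for and install_inetd are hypothetical, and the sample template is constructed.

```shell
#!/bin/sh
# Added example, not from the book. Function names are hypothetical; the
# 08:00-17:00 window and the "working"/"playing" values come from the recipe.

# Print "working" for 08:00 <= time < 17:00, otherwise "playing".
# $1 is the time as HHMM; when omitted, the current time is used.
timeofday_for() {
    hhmm=${1:-$(date +%H%M)}
    # Strip leading zeros so the comparison is plain decimal in every shell.
    n=$(echo "$hhmm" | sed 's/^0*//')
    n=${n:-0}
    if [ "$n" -ge 800 ] && [ "$n" -lt 1700 ]; then
        echo working
    else
        echo playing
    fi
}

# Render template $1 for the time $3 (default: now) and install it as $2.
# The live file is replaced only if m4 succeeded.
install_inetd() {
    tmp="$2.$$"
    if m4 -DTIMEOFDAY="$(timeofday_for "$3")" "$1" > "$tmp"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on a constructed template in a scratch directory; /etc is not touched.
if command -v m4 >/dev/null 2>&1; then
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample template' \
        'ifelse(TIMEOFDAY,working,telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd)' \
        > "$d/inetd.conf.m4"
    install_inetd "$d/inetd.conf.m4" "$d/inetd.conf" && cat "$d/inetd.conf"
    rm -rf "$d"
fi
```

Run from the recipe's two cron entries and once more at boot, this yields the same files as the -DTIMEOFDAY arguments. inetd still needs the kill -HUP from the recipe's script after each install.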
*Reprinted with the permission of the O'Reilly Network.
About the Author:
The Linux Security Cookbook includes real solutions to a wide
range of targeted problems, such as sending encrypted email
within Emacs, restricting access to network services at particular
times of day, firewalling a webserver, preventing IP spoofing,
setting up key-based SSH authentication, and much more. With
over 150 ready-to-use scripts and configuration files, this
unique book helps administrators secure their systems without
having to look up specific syntax.

Read this newsletter at: http://www.securitypronews.com/2003/1016.html

From the Forum:
wormswena
Hi all,
Worm Swena came this a.m. which means you'll start getting
it when you wake. Update virus checker!