Experimental Physics and
| |||||||||||||||
|
At 10:18 AM -0600 2000/02/22, Andrew Johnson wrote:
"Porter, Rodney" wrote: > standard way to disable telnet and rlogin. If not could one be made? You can inspect the INCLUDE_CONFIGURATION_5_2 macro, which is
just
a bunch of #defines, and pick what you want, leaving out telnet
and
rlogin. Just move the onces you do want from the grouping
after
#ifdef FALSE to just above it.
By the way, I leave them in, because they are useful to me;
further,
I assume VxWorks is extremeley vulnerable, so to get some real
security,
I:
- put my IOCs on a hidden subnet, for example, using IP
masquerading
on one of my dual-homed servers. This really
hides them from the
Internet (and is good practice for your console
Unix/NT machines as well--
they can still see "out".);
- do not give the IOCs a DEFAULT route; at most, give them
single-host
routes to special hosts not on the hidden
subnet. They will not reply
to any packet not on their own LAN (which would not
occur if using
the IP masquerading technique, of course).
You can still access them
by using ssh once to your above server; then rlogin
or via you serial
port acess method;
- change the default password and login supplied by
WRS. Do this by
looking further down in configAll.h;
- finally, VxWorks is pretty obscure; I still forget to
put quotes
around the arguments to cd and ls.
_____________________________________________________________________
Stephen A. Lewis | [email protected] Mail Stop 71-259 | http://www.lbl.gov/~salewis Lawrence Berkeley National Laboratory | Tel: +1.510.486.7702 Berkeley, CA 94720 USA | FAX: +1.510.486.4544
| ||||||||||||||
ANJ, 10 Aug 2010 |
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing · |