468x60 Ads

Wednesday, March 12, 2014

How to add telnet SSH warning/logging banner/message in solaris 10

1:45 AM  Unknown  No comments
We can add our system warning/logging banner/message by editing /etc/motd file. This message will appear once after we are logging in to system using Telnet/SSh/..etc. methord. (displayed after login)


# vi /etc/motd
"/etc/motd" 1 line, 57 characters
#########################################################################
#                   ----Sri Lanka XXXX PVT. LTD.----                 
# This system is for the use of authorized users only.             
# Individuals using this computer system without authority, or                     
# in excess of their authority, are subject to having all of                         
# activities on this system monitored and recorded by system personnel.
#########################################################################

Eg:

login as: dara
Using keyboard-interactive authentication.
Password:
Access denied
Using keyboard-interactive authentication.
Password:
Last login: Wed Mar 12 11:43:09 2014 from 172.16.0.6
#########################################################################
#                   ----Sri Lanka XXXX PVT. LTD.----                 
# This system is for the use of authorized users only.             
# Individuals using this computer system without authority, or                     
# in excess of their authority, are subject to having all of                         
# activities on this system monitored and recorded by system personnel.
#########################################################################
-bash-3.00$


For telnet we can place a banner to display while trying to access server by editing /etc/default/telnetd file.


# vi /etc/default/telnetd
"/etc/default/telnetd" [Read only] 20 lines, 652 characters
#ident  "@(#)telnetd.dfl        1.1     01/11/01 SMI"
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# /etc/default/telnetd
#
# telnetd default settings processed via telnetd(1M).
#
# BANNER defines the connection banner which is displayed before the
# telnet login prompt, see telnetd(1M) for details.  The following
# commented line shows the default value.
#
#BANNER="\\r\\n\\r\\n`uname -s` `uname -r`\\r\\n\\r\\n"
#
#
# Suppress the telnet banner by supplying a null definition.
#
BANNER="**********************Warning************************\\r\\n\\r\\n uthorized uses only.All activity may be monitored and reported\\r\\n\\r\\n"


For SSH:



# vi /etc/ssh/sshd_config
.
.
.
# Banner to be printed before authentication starts.
Banner /etc/issue
.
.

.

Eg:
>telnet 172.16.0.4
**********************Warning************************

 uthorized uses only.All activity may be monitored and reported

login:

Friday, March 7, 2014

See default ports in solaris 10

4:04 AM  Unknown  1 comment
# cat /etc/services
#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident  "@(#)services   1.34    08/11/19 SMI"
#
# Network services, Internet style
#
tcpmux          1/tcp
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
daytime         13/tcp
daytime         13/udp
netstat         15/tcp
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp             21/tcp
ssh             22/tcp                          # Secure Shell
telnet          23/tcp
smtp            25/tcp          mail
time            37/tcp          timserver
time            37/udp          timserver
name            42/udp          nameserver
whois           43/tcp          nicname         # usually to sri-nic
domain          53/udp
domain          53/tcp
bootps          67/udp                          # BOOTP/DHCP server
bootpc          68/udp                          # BOOTP/DHCP client
kerberos        88/udp          kdc             # Kerberos V5 KDC
kerberos        88/tcp          kdc             # Kerberos V5 KDC
hostnames       101/tcp         hostname        # usually to sri-nic
pop2            109/tcp         pop-2           # Post Office Protocol - V2
pop3            110/tcp                         # Post Office Protocol - Version 3
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind
imap            143/tcp         imap2           # Internet Mail Access Protocol v2
ldap            389/tcp                         # Lightweight Directory Access Protocol
ldap            389/udp                         # Lightweight Directory Access Protocol
dhcpv6-client   546/udp         dhcpv6c         # DHCPv6 Client (RFC 3315)
dhcpv6-server   547/udp         dhcpv6s         # DHCPv6 Server (RFC 3315)
submission      587/tcp                         # Mail Message Submission
submission      587/udp                         #    see RFC 2476
ldaps           636/tcp                         # LDAP protocol over TLS/SSL (was sldap)
ldaps           636/udp                         # LDAP protocol over TLS/SSL (was sldap)
#
# Host specific functions
#
tftp            69/udp
rje             77/tcp
finger          79/tcp
link            87/tcp          ttylink
supdup          95/tcp
iso-tsap        102/tcp
x400            103/tcp                         # ISO Mail
x400-snd        104/tcp
csnet-ns        105/tcp
pop-2           109/tcp                         # Post Office
uucp-path       117/tcp
nntp            119/tcp         usenet          # Network News Transfer
ntp             123/tcp                         # Network Time Protocol
ntp             123/udp                         # Network Time Protocol
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp                         # NETBIOS Name Service
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp                         # NETBIOS Datagram Service
netbios-ssn     139/tcp                         # NETBIOS Session Service
netbios-ssn     139/udp                         # NETBIOS Session Service
NeWS            144/tcp         news            # Window System
slp             427/tcp         slp             # Service Location Protocol, V2
slp             427/udp         slp             # Service Location Protocol, V2
mobile-ip       434/udp         mobile-ip       # Mobile-IP
cvc_hostd       442/tcp                         # Network Console
ike             500/udp         ike             # Internet Key Exchange
uuidgen         697/tcp                         # UUID Generator
uuidgen         697/udp                         # UUID Generator
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec            512/tcp
login           513/tcp
shell           514/tcp         cmd             # no passwords used
printer         515/tcp         spooler         # line printer spooler
courier         530/tcp         rpc             # experimental
uucp            540/tcp         uucpd           # uucp daemon
biff            512/udp         comsat
who             513/udp         whod
syslog          514/udp
talk            517/udp
route           520/udp         router routed
ripng           521/udp
klogin          543/tcp                         # Kerberos authenticated rlogin
kshell          544/tcp         cmd             # Kerberos authenticated remote shell
new-rwho        550/udp         new-who         # experimental
rmonitor        560/udp         rmonitord       # experimental
monitor         561/udp                         # experimental
pcserver        600/tcp                         # ECD Integrated PC board srvr
sun-dr          665/tcp                         # Remote Dynamic Reconfiguration
kerberos-adm    749/tcp                         # Kerberos V5 Administration
kerberos-adm    749/udp                         # Kerberos V5 Administration
kerberos-iv     750/udp                         # Kerberos V4 key server
krb5_prop       754/tcp                         # Kerberos V5 KDC propogation
ufsd            1008/tcp        ufsd            # UFS-aware server
ufsd            1008/udp        ufsd
cvc             1495/tcp                        # Network Console
ingreslock      1524/tcp
www-ldap-gw     1760/tcp                        # HTTP to LDAP gateway
www-ldap-gw     1760/udp                        # HTTP to LDAP gateway
listen          2766/tcp                        # System V listener port
nfsd            2049/udp        nfs             # NFS server daemon (clts)
nfsd            2049/tcp        nfs             # NFS server daemon (cots)
eklogin         2105/tcp                        # Kerberos encrypted rlogin
lockd           4045/udp                        # NFS lock daemon/manager
lockd           4045/tcp
ipsec-nat-t     4500/udp                        # IPsec NAT-Traversal
dtspc           6112/tcp                        # CDE subprocess control
fs              7100/tcp                        # Font server
#[swat] The swat service is added by the SUNWsmbar package.
#[swat] Removing the swat service manually while SUNWsmbar
#[swat] package is installed in the system can cause issues
#[swat] with smf(5) stability or with zones(5) installation.
swat            901/tcp                         # Samba Web Adm.Tool
apocd   38900/udp
snmpd           161/udp        snmp             # SMA snmp daemon
servicetag      6481/udp
servicetag      6481/tcp
You can just edit and restart 

Subscribe to: Posts (Atom)