September 2000
Intermediate to advanced
352 pages
6h 41m
English
book
OpenView Network Node Manager: Designing and Implementing an Enterprise Solution
by John Blommers
Content preview from OpenView Network Node Manager: Designing and Implementing an Enterprise Solution
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Special Security Configuration for UNIX in the DMZ
Limiting access into the NNM system is where security begins. Shut down all network services first, then turn on just the ones you need. Remove all user accounts and then add back the ones you need. Therefore, the file /etc/hosts.deny should contain (at least initially) the line:
ALL: ALL
in order to disable access to all services and all systems. Then you can open up the inbound telnet service to some systems by adding a line to the /etc/hosts.allow file as follows:
in.telnetd: john@master1.myco.com, bar@foo.myco.com
You may also consider completely disabling telnet and use secure shell (ssh) for remote access instead. Many UNIX system administrators swear by ssh.
You may want to further ...