From owner-freebsd-questions Thu Jul 26 11:52: 6 2001 Delivered-To: freebsd-questions@freebsd.org Received: from intergate.sdccd.cc.ca.us (intergate.sdccd.cc.ca.us [209.129.16.2]) by hub.freebsd.org (Postfix) with ESMTP id 5C41D37B403 for ; Thu, 26 Jul 2001 11:52:04 -0700 (PDT) (envelope-from efortenb@sdccd.cc.ca.us) Received: from ntxdistrict.sdccd.cc.ca.us (ntxdistrict.sdccd.cc.ca.us [10.1.100.1]) by intergate.sdccd.cc.ca.us (8.8.7/8.8.7) with ESMTP id LAA20939; Thu, 26 Jul 2001 11:01:51 -0700 (PDT) Received: by NTXDISTRICT with Internet Mail Service (5.5.2652.78) id ; Thu, 26 Jul 2001 11:54:18 -0700 Message-ID: From: Erin Fortenberry To: "'G D McKee'" , Lee Mark Mercado Cc: freebsd-questions@FreeBSD.ORG Subject: RE: login access Date: Thu, 26 Jul 2001 11:54:03 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2652.78) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Put a # in front of the relevant lines in your etc/inetd.conf > file. Then HUP inetd. This is going to block all people from being able to have access via those ports. What I would do (and have done) to build a firewall (ipf, ipfw, etc.) and block any open ports to the machine. You need to remove telnet anyways, or at least fix it. I would suggest running an ssh daemon like openssh, you can build it out of the ports. Blocking ports is only the beginning of actually securing the machine. You need to add users with using a shell that will not give them access such as /bin/nologin. You can also add users to the /etc/ftpusers file to block their being able to use ftp. Erin > Gordon > > ----- Original Message ----- > From: "Lee Mark Mercado" > To: > > > how could i deny login from FTP, TELNET - allowing only > POP3 access ? > > > > please help. thx> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message