are there any plans to provide T.Rex (http://www.opensourcefirewall.com/index.html) for SuSE? it sounds all very interesting ... just doesn't currently support my favoured distribution ... *greetz* from Vienna Hannes -- Johann Georg Hautzinger, email: trema@eic.at, Tel.: 531 00 1907 Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier Boersegasse 14, 1010 Wien http://treasury.erstebank.at
Hi everybody, is there a possibility to block for example telnet or ftp connections to one machine only for specific users - the other way round: allow it only for users in a special group?!? Any help welcome!!! Thankx in advance Christoph Wegener -- Ruhr-Universitaet Bochum Lehrstuhl für Biophysik c/o Christoph Wegener Gebaeude ND 04/Nord D-44780 Bochum, GERMANY Tel: +49(234)32-25754, Fax: +49(234)32-14626 mailto://cwe@bph.ruhr-uni-bochum.de http://www.bph.ruhr-uni-bochum.de __ _ / / (_)__ __ ____ __ / /__/ / _ \/ // /\ \/ / . . . t h e c h o i c e o f a /____/_/_//_/\_,_/ /_/\_\ G N U g e n e r a t i o n . . .
Christoph Wegener wrote:
Hi everybody, is there a possibility to block for example telnet or ftp connections to
For ftp try wuftp regards dominic -- _/ _/_/ dominic santi http://www.interconnective.net _/ _/ interconnective ag _/ _/ gundeldingerstrasse 197 phone +41 61 3 630 630 _/ _/_/ ch-4053 basel fax +41 61 3 630 631
SuSE 6.3 with Pam installed Thank ypu Russell /etc/security/access.conf ------------------------------------------------------------ # Login access control table. # # When someone logs in, the table is scanned for the first entry that # matches the (user, host) combination, or, in case of non-networked # logins, the first entry that matches the (user, tty) combination. The # permissions field of that table entry determines whether the login will # be accepted or refused. # # Format of the login access control table is three fields separated by a # ":" character: # # permission : users : origins # # The first field should be a "+" (access granted) or "-" (access denied) # character. # # The second field should be a list of one or more login names, group # names, or ALL (always matches). A pattern of the form user@host is # matched when the login name matches the "user" part, and when the # "host" part matches the local machine name. # # The third field should be a list of one or more tty names (for # non-networked logins), host names, domain names (begin with "."), host # addresses, internet network numbers (end with "."), ALL (always # matches) or LOCAL (matches any string that does not contain a "." # character). # # If you run NIS you can use @netgroupname in host or user patterns; this # even works for @usergroup@@hostgroup patterns. Weird. # # The EXCEPT operator makes it possible to write very compact rules. # # The group file is searched only when a name does not match that of the # logged-in user. Both the user's primary group is matched, as well as # groups in which users are explicitly listed. # ############################################################################## # # Disallow console logins to all but a few accounts. # #-:ALL EXCEPT wheel shutdown sync:console # # Disallow non-local logins to privileged accounts (group wheel). # #-:wheel:ALL EXCEPT LOCAL .win.tue.nl # # Some accounts are not allowed to login from anywhere: # #-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL # # All other accounts are allowed to login from anywhere. #
participants (4)
-
Christoph Wegener -
Dominic Santi -
Johann G. Hautzinger -
Russell Evans