1. sudo vi /etc/xinetd.d/telnet并加入以下內容:
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
更詳細的配制/etc/xinetd.d/telnet腳本
service telnet
{
disable =no
bind =192.168.1.2
only_from=192.168.1.0/24
#上面這兩行說明僅提供內部網段!
Instance =UNLIMITED
Nice =0
Flags =REUSE
socket_type=stream
wait =no
user =root
#server =/usr/sbin/telnetd
server =/usr/sbin/in.telnetd
server_args =-a none
log_on_failure +=USERID
}
service telnet
{
disable =no
bind =140.116.142.196
only_from=140.116.0.0/16
no_access=140.116.32.{10,26}
#上面三行設置外部較為嚴格的限制
instance =10
umask =022
nice =10
flags =REUSE
socket_type=stream
wait =no
user =root
#server =/usr/sbin/telnetd
server =/usr/sbin/in.telnetd
log_on_failure +=USERID
}
加設防火墻iptables:
如果想要針對192.168.0.0/24這個網段及61.xxx.xxx.xxx這個IP進行telnet開放,
可以增加下面幾行規則:
/sbin/iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 23 -j
ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth0 -s 61.xxx.xxx.xxx --dport 23 -j
ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth0 --dport 23 -j DROP
加設防火墻/etc/hosts.allow(deny)機制:
上面開放了192.168.0.0/24這個網段,但是如果您只想讓其中的
192.168.0.1~192.168.0.5進入,可以設置如下 :
vi /etc/hosts.allow
in.telnetd:192.168.0.1,192.168.0.2,192.168.0.3,192.168.0.4,192.168.0.5:allow
?
)
-fetch=join)
