R T M 3 2 0 5 U s e r M a n u a l
58
C H A P T E R F I V E
59
R T M 3 2 0 5 U s e r M a n u a l
S E C U R I T Y
Disable Protocols
See below for instructions on how to completely disable the following protocols: Telnet, Time, Day-
time, SSH, SNMP, and HTTPS. See
Chapter 9 - PTP/IEEE-1588 Option
for how to disable PTP.
The Network Time Protocol (NTP) cannot be disabled.
Disable Telnet, Time and Daytime
To disable Telnet, Time and Daytime use the
inetdconfig
command to start an interactive script
that will ask you which protocols to disable. Then it will modify the
/etc/inetd.conf
file, which is read
by the super-server daemon,
inetd
. Requests from remote hosts for protocols not configured in
/etc/
inetd.conf
will be refused. Currently, three servers are configurable via
inetdconfig
: Time and
Daytime (whose protocol servers are contained within the
inetd
daemon itself), and
in.telnetd
.
Any one or all of these may be enabled or disabled for start-up.
Disable SNMP, SSH and HTTPS
To disable SNMP, SSH or HTTPS, you only have to modify the file mode of the scripts that control
their execution. These are located in the /
etc/rc.d
directory.To disable any of these daemons, issue
one or more of these commands:
chmod -x /etc/rc.d/rc.snmpd
chmod -x /etc/rc.d/rc.sshd
chmod -x /etc/rc.d/rc.httpd
After issuing these commands, you must copy the modified file(s) to the non-volatile FLASH area
using one or more of these commands:
cp -p /etc/rc.d/rc.snmpd /boot/etc/rc.d
cp -p /etc/rc.d/rc.sshd /boot/etc/rc.d
cp -p /etc/rc.d/rc.httpd /boot/etc/rc.d
Reboot RTM3205 when done for the changes to take effect.
IMPORTANT
After modifying
/etc/rc.d/rc.snmpd, rc.sshd or rc.httpd
, you must copy them to the
/boot/etc/rc.d
directory and reboot the system. It is very important to use the
-p
when performing the copy. During the
boot process, the files contained in the
/boot/etc/rc.d
directory are copied to the working
/etc/rc.d
direc-
tory on the system RAM disk. In this way the factory defaults are overwritten.
Re-Enable SNMP, SSH and HTTPS
If you have disabled SNMP, SSH or HTTPS, and you want to re-enable it, all you need to do is re-
move the
rc
file from the
/boot/etc/rc.d
directory using one or more of these commands:
rm /boot/etc/rc.d/rc.snmpd
rm /boot/etc/rc.d/rc.sshd
rm /boot/etc/rc.d/rc.httpd
Summary of Contents for RTM3205
Page 2: ......
Page 6: ...R T M 3 2 0 5 U s e r M a n u a l This page intentionally left blank...
Page 18: ...R T M 3 2 0 5 U s e r M a n u a l This page intentionally left blank...
Page 126: ...R T M 3 2 0 5 U s e r M a n u a l 108 A P P E N D I X A This page intentionally left blank...
Page 154: ...R T M 3 2 0 5 U s e r M a n u a l 136 A P P E N D I X E This page intentionally left blank...
Page 156: ...R T M 3 2 0 5 U s e r M a n u a l 138 A P P E N D I X F This page intentionally left blank...
Page 160: ...R T M 3 2 0 5 U s e r M a n u a l 142 A P P E N D I X G This page intentionally left blank...
Page 168: ...R T M 3 2 0 5 U s e r M a n u a l 150 A P P E N D I X J This page intentionally left blank...
Page 179: ......