From mboxrd@z Thu Jan 1 00:00:00 1970 From: wkt@tuhs.org (Warren Toomey) Date: Sat, 11 Mar 2017 07:38:00 +1000 Subject: [TUHS] UUCP: working systems, come and get them In-Reply-To: <8B3FAE59-6E18-4EDE-B81A-633963D50BD2@superglobalmegacorp.com> References: <20170307070941.GA2012@minnie.tuhs.org> <20170307090908.GA9793@minnie.tuhs.org> <20170307204307.GA23160@minnie.tuhs.org> <20170308092052.GA13593@minnie.tuhs.org> <8B3FAE59-6E18-4EDE-B81A-633963D50BD2@superglobalmegacorp.com> Message-ID: <20170310213800.GB6781@minnie.tuhs.org> On Fri, Mar 10, 2017 at 08:25:25PM +0800, Jason Stevens wrote: > I've now got it working and it made me think a little. > In order to do these "serial ports over TCP" things, we basically are > putting login prompts out to the Internet. Is it possible to restrict > things so the only user allowed on ttyN is 'uucp', or should I just > put in iptables rules to only allow traffic from my UUCP peers? > john Use the 4.3BSD branch. In these systems, I've set the serial ports as insecure in /etc/ttys, so people can't login as root. Then, remove all users from the password file (with vipw) except root and uucp. Or, keep one non-root user for you to login as. If you leave vax780 running in 'screen', you can still login as root there. Cheers, Warren -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: