Yes. How would you restrict telnet without CFEngine? Would you kill the telnetd process? Remove execute permissions from /usr/bin/telnetd? Remove /etc/xinetd.d/telnet and kill -HUP xinetd? Would you edit your iptables configuration to make sure port 23 is not open? CFEngine can do any and all of the above. If you can do it from a root shell, you can do it using CFEngine.

Here is an example of making sure telnetd process is not running:

    processes:

        "telnetd"
          signals => { "term", "kill" },
          comment => "We don't want telnet running. It's 2012.";

This will scan the process table for the pattern "telnetd" and that process will then experience the signals TERM and KILL, in that sequence.

Does that help?

Best,
-at

On Tue, Sep 25, 2012 at 9:11 PM, <no-re...@cfengine.com> wrote:
> Forum: CFEngine Help
> Subject: Disable telnet with cfengine
> Author: marlonc
> Link to topic: https://cfengine.com/forum/read.php?3,27565,27565#msg-27565
>
> Hi
>
> Can we disable or restrict telnet and other ports using cfengine policy? Do
> you have an example??
>
> Thanks...
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine

--
Upcoming Trainings:
"Time Management for System Administrators" 28 Sep 2012 at Ohio Linux Fest (http://ohiolinux.org/register)
"Editing with vi" 28 Sep 2012 at Ohio Linux Fest (http://ohiolinux.org/register)
"Automating System Administration with CFEngine 3" 22-25 Oct 2012 in Palo Alto, CA (http://cfengine.eventbrite.com/)
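
The process promise from the reply, combined with two of the other options it lists (removing execute permission and removing the xinetd service file), as an added CFEngine 3 example that is not part of the original e-mail. The bundle name, body names and the class `xinetd_telnet_removed` are hypothetical; the two paths are the ones quoted in the reply and may differ on your distribution.

```cfengine3
# Added example policy, not from the original e-mail.
body common control
{
      bundlesequence => { "disable_telnet" };
}

bundle agent disable_telnet
{
  vars:
      # Paths as quoted in the reply; adjust for your distribution.
      "telnetd_bin"   string => "/usr/bin/telnetd";
      "xinetd_telnet" string => "/etc/xinetd.d/telnet";

  files:
      # Clear every permission bit so the daemon cannot be executed.
      "$(telnetd_bin)"
        perms   => no_access,
        comment => "telnetd must not be executable";

      # Remove the xinetd service definition; the class is set only
      # when the agent actually had to delete the file.
      "$(xinetd_telnet)"
        delete  => remove_file,
        classes => flag_repair("xinetd_telnet_removed"),
        comment => "xinetd must not offer telnet";

  processes:
      # Same promise as in the reply: TERM first, then KILL.
      "telnetd"
        signals => { "term", "kill" },
        comment => "Stop any telnetd that is already running";

    xinetd_telnet_removed::
      # Make xinetd re-read its configuration after the file is gone.
      "xinetd"
        signals => { "hup" },
        comment => "Reload xinetd without the telnet service";
}

body perms no_access { mode => "0000"; }

body delete remove_file { dirlinks => "delete"; rmdirs => "false"; }

body classes flag_repair(x) { promise_repaired => { "$(x)" }; }
```

Because the HUP is guarded by a class that is only set on repair, repeated agent runs on an already compliant host leave xinetd alone.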