[5498] in Athena Bugs
vax 7.0F: Privatized workstation isn't
daemon@ATHENA.MIT.EDU (Ron M. Hoffmann)
Wed Jul 11 11:06:28 1990
From: hoffmann@MIT.EDU (Ron M. Hoffmann)
To: bugs@ATHENA.MIT.EDU
Date: Wed, 11 Jul 90 11:06:03 EDT
System name: paddington
Type and version: CVAXSTAR 7.0F
Display type: SM
What were you trying to do?
Prevent unauthorized users from remotely logging
in to my workstation.
What's wrong:
Things don't work as they used to. Despite my best
attempts at setting rc.conf variables, "last" still
shows logins by unauthorized users
What should have happened:
Unauthorized users (not in the /etc/passwd file of
my workstation) shouldn't be able to log in.
Please describe any relevant documentation references:
Copy of my rc.conf:
#!/bin/sh
#
# This is the system-specific boot-time configuration file. It
# sets configuration variables for use by /etc/rc.
#
# $Source: /paris/source/config/files/RCS/rc.conf,v $
# $Header: /paris/source/config/files/RCS/rc.conf,v 1.8 89/11/27 17:53:25 probe Exp $
# $Author: probe $
#
#
#
# Set up configuration variables.
HOST=paddington; export HOST # Hostname
ADDR=18.72.1.1; export ADDR # Internet address
PUBLIC=false; export PUBLIC # Public workstation?
ERRHALT=true; export ERRHALT # Halt on fatal error?
LPD=false; export LPD # Run line printer daemon?
RVDSRV=false; export RVDSRV # RVD server?
RVDCLIENT=true; export RVDCLIENT # RVD client?
NFSSRV=false; export NFSSRV # NFS server?
NFSCLIENT=true; export NFSCLIENT # NFS client?
AFSSRV=false; export AFSSRV # AFS server?
AFSCLIENT=true; export AFSCLIENT # AFS client?
RPC=false; export RPC # RPC daemons - on if NFSSRV is
SAVECORE=false; export SAVECORE # Save vmunix core files?
SENDMAIL=false; export SENDMAIL # Run sendmail daemon?
QUOTAS=false; export QUOTAS # Use disk quotas?
ACCOUNT=false; export ACCOUNT # User accounting?
OLC=false; export OLC # OLC daemon?
SNMP=true; export SNMP # SNMP daemon?
TIMESRV=false; export TIMESRV # Time server?
NEWMAILCF=false; export NEWMAILCF # Build new mail config file?
KNETD=false; export KNETD # Kerberos remote services?
TIMEHUB=kerberos.MIT.EDU; export TIMEHUB # Authoritative time source
ZCLIENT=true; export ZCLIENT # Zephyr client
ZSERVER=false; export ZSERVER # Zephyr server
SMSUPDATE=false; export SMSUPDATE # SMS update daemon
NOCREATE=true; export NOCREATE # Disallow the public to login?
NOATTACH=false; export NOATTACH # Disallow attaching homedirs?
AUTOUPDATE=false; export AUTOUPDATE # Auto-update?
AFSADJUST=true; export AFSADJUST # Adjust AFS cache-size?
TIMECLIENT=true; export TIMECLIENT # Timed client?
==========
Copy of my passwd (and passwd.local) file:
root:4jCLaW5i5fUlE:0:1:System PRIVILEGED Account:/:/bin/csh
operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
daemon:*:1:1:Mr Background:/:
sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
bin:PASSWORD HERE:3:4:Mr Binary:/bin:
jis:*:435:101:Jeffrey I. Schiller,Jeff,E40-311,38400,6413730:/mit/jis:/bin/csh
jon:*:425:101:Jon A. Rochlis,,E40-311M,6172538400,6175771685:/mit/jon:/bin/csh
srz:*:14185:101:Stanley R Zanarotti,,,,:/mit/srz:/bin/csh
tom:*:3698:101:Tom Coppeto,,E40-342BM,6172538400,6172480946:/mit/tom:/bin/csh
dennis:*:77:101:Dennis Baron,,E40-311,21232,0:/mit/dennis:/bin/csh
hoffmann:*:11817:101:Ron M. Hoffmann,WA2EYC,E40-311AM,6172538400,6174842098:/mit/hoffmann:/bin/csh
gettens:*:32318:101:Jack Gettens,,,,:/mit/gettens:/bin/csh
=========
output from "last -30" (clearly there are records of logins here
which don't appear in my passwd file):
root ttyp4 LASAGNE.MIT.EDU Wed Jul 11 10:48 - 10:53 (00:04)
hoffmann xdm0 unix:0.0 Wed Jul 11 09:34 still logged in
hoffmann xdm0 unix:0.0 Tue Jul 10 09:06 - 19:08 (10:01)
hoffmann xdm0 unix:0.0 Mon Jul 9 09:21 - 20:49 (11:28)
hoffmann xdm0 unix:0.0 Sun Jul 8 15:23 - 16:24 (01:00)
hoffmann xdm0 unix:0.0 Sun Jul 8 14:38 - 15:22 (00:44)
hoffmann ttyp0 LASAGNE.MIT.EDU Sat Jul 7 21:32 - 22:10 (00:38)
root ttyp0 LASAGNE.MIT.EDU Sat Jul 7 21:32 - 21:32 (00:00)
hoffmann xdm0 unix:0.0 Sat Jul 7 14:38 - 17:28 (02:50)
dennis ttyp0 ZITI.MIT.EDU Sat Jul 7 11:33 - 11:34 (00:01)
alikaz ttyp4 LASAGNE.MIT.EDU Fri Jul 6 20:01 - 20:10 (00:08) <===
alikaz ttyp4 M4-035-21.MIT.ED Fri Jul 6 17:52 - 17:54 (00:02) <===
hoffmann xdm0 unix:0.0 Fri Jul 6 09:58 - 22:18 (12:20)
hoffmann ttyp0 ZITI.MIT.EDU Thu Jul 5 20:35 - 21:03 (00:28)
root ttyp0 ZITI.MIT.EDU Thu Jul 5 20:34 - 20:35 (00:00)
hoffmann ftp NET-MAC-2.MIT.ED Thu Jul 5 12:03 - 12:08 (00:04)
hoffmann xdm0 unix:0.0 Thu Jul 5 10:03 - 18:14 (08:11)
root console Wed Jul 4 19:36 - 19:39 (00:03)
hoffmann ttyp0 ZITI.MIT.EDU Tue Jul 3 22:54 - 23:36 (00:42)
hoffmann ftp NET-MAC-2.MIT.ED Tue Jul 3 16:43 - 16:43 (00:00)
gettens ttyp5 ATHENA-MAC-5.MIT Tue Jul 3 14:15 - 14:23 (00:07)
hoffmann xdm0 unix:0.0 Mon Jul 2 09:42 - 20:14 (1+10:32)
hoffmann ttyp0 TORTELLINI.MIT.E Sun Jul 1 12:26 - 13:11 (00:44)
root ttyp0 ZITI.MIT.EDU Sun Jul 1 12:24 - 12:25 (00:00)
hoffmann xdm0 unix:0.0 Sat Jun 30 16:59 - 22:59 (06:00)
seisner ttyp1 127.0.0.1 Sat Jun 30 15:14 - 15:15 (00:00) <===
seisner ttyp0 130.46.3.121 Sat Jun 30 14:54 - 15:15 (00:21) <===
hoffmann xdm0 unix:0.0 Fri Jun 29 09:27 - 18:33 (09:05)
hoffmann xdm0 unix:0.0 Thu Jun 28 12:11 - 18:21 (06:10)
hoffmann xdm0 unix:0.0 Sun Jun 24 08:58 - 11:16 (02:18)
