[Info-vax] prevent user login during and after startup

Paul Sture nospam at sture.ch
Tue Sep 16 18:01:50 EDT 2014 

On 2014-09-16, David Froble <davef at tsoft-inc.com> wrote:
> Bob Gezelter wrote:
>
>> First, I must note that I am offsite without my laptop, so I do not
>> have access to check some things.
>> 
>> An approach that I have used in several similar situations is similar
>> to what Dan has mentioned: code inserted into SYS$MANAGER:SYLOGIN.COM
>> to check several conditions prior to allowing a login to continue.
>> 
>> In this case, that would work.
>> 
>> In any event, my recollection is that the code that actually does the
>> startup of telnet is in SYS$STARTUP:TCPIP$STARTUP.COM. I would have to
>> sit down with a listing (which I cannot do where I am at the moment),
>> but it should be straightforward to suppress the starting of telnet
>> from that point.
>> 
>> At a later point in the startup, when telnet use is acceptable, one can
>> start telnet by invoking SYS$MANAGER:TCPIP$TELNET_STARTUP.COM.
>> 
>
> I think Bob has the correct approach.  I found the following in 
> SYS$STARTUP:TCPIP$STARTUP.COM
>
> $         config_proc = f$edit("sys$manager:tcpip$config.com","upcase")
> $         @'config_proc' dhcp_client enable
> $         @'config_proc' ftp_client enable
> $         @'config_proc' telnet enable
>
> Possibly a "!" in that last line might inhibit starting TelNet services. 
>   Don't know, I haven't tested this.

This type of thing was easier in the days of terminal servers where we
could comment out the startup for the devices serving the user but
leave our own intact (hate working in computer rooms - it's much better
to retreat to the comfort of your office with coffee and documentation on
tap ASAP).

Now your above sequence of commands is probably TCP/IP version specific,
so let's have another look at the original post:

> DEC TCP/IP 4.2 (UCX), VAX VMS 7.1, emulated VAX 4000-105A (Charon-VAX)

Yep, an old version of UCX.

Now a question for the Charon-VAX experts: Do VMS network connections
pass through the host O/S or is it possible to apply a firewall at the
host O/S level to restrict access on a temporary basis?

-- 
People who think they know everything really annoy those of us who know
we don't                                           -- Bjarne Stroustrup

More information about the Info-vax mailing list