[Info-vax] prevent user login during and after startup

David Froble davef at tsoft-inc.com
Tue Sep 16 19:28:46 EDT 2014


Paul Sture wrote:
> On 2014-09-16, David Froble <davef at tsoft-inc.com> wrote:
>> Bob Gezelter wrote:
>>
>>> First, I must note that I am offsite without my laptop, so I do not
>>> have access to check some things.
>>>
>>> An approach that I have used in several similar situations is similar
>>> to what Dan has mentioned: code inserted into SYS$MANAGER:SYLOGIN.COM
>>> to check several conditions prior to allowing a login to continue.
>>>
>>> In this case, that would work.
>>>
>>> In any event, my recollection is that the code that actually does the
>>> startup of telnet is in SYS$STARTUP:TCPIP$STARTUP.COM. I would have to
>>> sit down with a listing (which I cannot do where I am at the moment),
>>> but it should be straightforward to suppress the starting of telnet
>>> from that point.
>>>
>>> At a later point in the startup, when telnet use is acceptable, one can
>>> start telnet by invoking SYS$MANAGER:TCPIP$TELNET_STARTUP.COM.
>>>
>> I think Bob has the correct approach.  I found the following in 
>> SYS$STARTUP:TCPIP$STARTUP.COM
>>
>> $         config_proc = f$edit("sys$manager:tcpip$config.com","upcase")
>> $         @'config_proc' dhcp_client enable
>> $         @'config_proc' ftp_client enable
>> $         @'config_proc' telnet enable
>>
>> Possibly a "!" in that last line might inhibit starting TelNet services.
>> Don't know, I haven't tested this.
> 
> This type of thing was easier in the days of terminal servers where we
> could comment out the startup for the devices serving the user but
> leave our own intact (hate working in computer rooms - it's much better
> to retreat to the comfort of your office with coffee and documentation on
> tap ASAP).
> 
> Now your above sequence of commands is probably TCP/IP version specific,
> so let's have another look at the original post:
> 
>> DEC TCP/IP 4.2 (UCX), VAX VMS 7.1, emulated VAX 4000-105A (Charon-VAX)
> 
> Yep, an old version of UCX.

Regardless of version, there is something somewhere that starts the 
Telnet service.  Inhibit that, whatever it is, and you got the request 
fulfilled.

> Now a question for the Charon-VAX experts: Do VMS network connections
> pass through the host O/S or is it possible to apply a firewall at the
> host O/S level to restrict access on a temporary basis?
> 
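
The SYLOGIN.COM check described in Bob Gezelter's quoted message above could look like the DCL fragment below. It is an added example, not code from any poster in this thread and not tested on the UCX 4.2 / VMS 7.1 system in question; the logical name SITE$LOGINS_BLOCKED and the exemption for accounts holding OPER are assumptions.

```dcl
$! --- added example: login gate near the top of SYS$MANAGER:SYLOGIN.COM ---
$! SITE$LOGINS_BLOCKED is a hypothetical site-defined logical name.
$! Early in system startup:
$!     DEFINE/SYSTEM/EXECUTIVE_MODE SITE$LOGINS_BLOCKED TRUE
$! Once user logins are acceptable:
$!     DEASSIGN/SYSTEM/EXECUTIVE_MODE SITE$LOGINS_BLOCKED
$!
$ SET NOCONTROL=Y      ! Ctrl/Y must not be able to abort the check
$ SET NOON             ! on an error, fall through to LOGOUT instead of exiting
$ IF F$MODE() .NES. "INTERACTIVE" THEN GOTO GATE_PASSED   ! batch, network, other
$ IF F$TRNLNM("SITE$LOGINS_BLOCKED","LNM$SYSTEM_TABLE") .EQS. "" THEN GOTO GATE_PASSED
$ IF F$PRIVILEGE("OPER") THEN GOTO GATE_PASSED            ! assumed operator exemption
$ WRITE SYS$OUTPUT "Logins are disabled until system startup has completed."
$ LOGOUT
$GATE_PASSED:
$ SET ON
$ SET CONTROL=Y        ! assumes the site normally leaves Ctrl/Y enabled
```

The gate only covers processes that execute SYLOGIN.COM, so it complements rather than replaces holding back the Telnet service start discussed in the thread.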


