Should you disable telnet, ftp, rlogin/rsh in Solaris 10?

Yes! These services should be disabled by default on any public internet facing Solaris machines since they transmit login information in the clear and are also easily spoofed. You should already be using the built in secure protocols like SSH and SFTP if you are on anything other than a closed test network.

These commands will work with the services administration in Solaris 10 and Solaris 11. In previous versions of Solaris, these protocols can be disabled in the init.d start-up scripts. But if you’re still using Solaris 9 and below, what century are you in? Even Sun/Oracle Solaris 10 is pretty much relegated to legacy research systems these days.

/usr/sbin/svcadm disable svc:/network/telnet:default

/usr/sbin/svcadm disable svc:/network/login:rlogin

/usr/sbin/svcadm disable svc:/network/ftp:default

Check that the services are disabled using the following commands:

/usr/bin/svcs –a | grep telnet

/usr/bin/svcs –a | grep rlogin

/usr/bin/svcs –a | grep ftp

Have fun, but if you are really serious about system security, try using SELinux on Red Hat Enterprise Linux. Though even that can’t keep some administrators out of trouble. Be vigilant and update your servers often!