26 replies to this topic

[damtom85]

Hi.

Quick question, if I change password for root from default, no one can access box through telnet and ftp. Is there any other way to access box content or settings? For example installing file manager and deleting file with new password, I've seen this on different image.

Thanks for answers

[Trial]

Hi,

Samba and WebInterface.

 

ciao

[stejk]

opkg install mc
mcedit /etc/enigma2/settings

config.OpenWebif.auth=true

samba

opkg remove sambaserver

or

chmod 644 /etc/network/if-up.d/01samba-start

and telnet

mcedit /etc/inetd.conf

# telnet          stream  tcp     nowait  root    /usr/sbin/telnetd       telnetd

Edited by stejk, 8 March 2016 - 20:42.

[mirakels]

why install 'mc'?

[stejk]

My favorite visual file manager.

[damtom85]

You lost me now people. So even if password for root is changed, someone still can get to box through samba and webinterface? So using samba someone can access root folder even though password is set? Can password be set on samba?

[damtom85]

and telnet

mcedit /etc/inetd.conf

# telnet          stream  tcp     nowait  root    /usr/sbin/telnetd       telnetd

What this code means?

[stejk]

 

and telnet

mcedit /etc/inetd.conf

# telnet          stream  tcp     nowait  root    /usr/sbin/telnetd       telnetd

What this code means?

 

You run mcedit. mcedit in my favorite visual file manager. And via this manager you edit this config file /etc/inetd.conf.

And you must in this file add #. This means this line is 'just comment'. And inetd will not start this program (/usr/sbin/telnetd) after start your box.

[damtom85]

Ok, i understand now, what about samba any chance to set username and password?

[littlesat]

Why.... Use openvpn instead....

[betacentauri]

What do you want to do?
Do you want to access the box from Internet? If yes, use a VPN tunnel. Password protection is never perfect and don't think that all software on the box have no security issues. The box is not designed for it.

[malakudi]

There are ways to secure the box if that is what you want.

1. disable telnet/ftp, only allow ssh/sftp

2. disable root login for ssh with password, only allow login with authorized key.

3. disable / access from samba, only allow /media/hdd

 

but I haven't understand what you are trying to achieve. If you want to use the box from the internet, better use VPN tunnel as others said.

[damtom85]

There are ways to secure the box if that is what you want.
1. disable telnet/ftp, only allow ssh/sftp
2. disable root login for ssh with password, only allow login with authorized key.
3. disable / access from samba, only allow /media/hdd

but I haven't understand what you are trying to achieve. If you want to use the box from the internet, better use VPN tunnel as others said.

I want to block access to box, so no one can see config files, etc, even if person has access to box with remote or openwebif

[Meega]

You can set a password on the menu, I think

[malakudi]

I want to block access to box, so no one can see config files, etc, even if person has access to box with remote or openwebif

 

 

Why? What will you gain with that? Unless you want to supply "protected" boxes with certain paytv pirated programs, I don't see a reason why to do this. And if that is what you want, you will not find that kind of support here.

Even if you managed to block all access, a skilled person can still takeover an enigma2 box. Change CFE to boot from usb, then mount internal flash. It can easily be done on some boxes (like DMM), more difficult to some others but still, it can be done. So you can't do what you think on enigma2 boxes. They are called "open" for a reason.

[WanWizard]

Download a plugin to reset the password and you're in again...

[malakudi]

I've seen so called "locked" boxes that some piracy groups are offering to their clients. They have telnet/ftp closed, they only allow ssh but not with password, so even if you reset it you can't log in. smb only allows /media etc. software manager is removed so you can't install ipks from a usb. And some other protections too. But still, you can boot the box from USB and remove any or all of those "protections". So after all, those protections were for nothing. Pitty the ignorant fools ...

[damtom85]

I live in shared accommodation and there is that moron who live as well, and he keeps deleting files from box, I changed password to root and ftp but he has done it again. I'm sure if he has done it through samba or remote. He doesn't have physical access to box as it is in cabinet with lock glass door. So it must be through remote or samba or shh. I'm not sure what his skills are, but can u help me block all three.

Edited by damtom85, 10 March 2016 - 10:49.

[malakudi]

Well, for samba, edit /etc/samba/smb.conf and remove section [root]

[root]

path = /

read only = no

guest ok = yes

browseable = yes

create mask = 0777

directory mask = 0777

 

If he had once access in your box, he might have installed a back door himself. So a reflash with original software is mandatory.

[WanWizard]

Remote "guest ok", that allows access without a username/password.