Revision as of 21:27, 7 March 2018 edit Ringbang (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers, Rollbackers 22,750 edits m fixed citation ← Previous edit		Revision as of 04:53, 6 April 2018 edit undo 2600:8800:1880:91e:5604:a6ff:fe38:4b26 (talk) restore security section Next edit →
Line 67: ===ruptime=== Just as the {{code\|uptime}} command shows how long a Unix system has been running since the last restart, {{code\|ruptime}} requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, then ruptime reports that the system is [[Downtime\|down]].<ref>{{cite web \|url=https://www.systutorials.com/docs/linux/man/1-ruptime/ \|title=ruptime (1) - Linux Man Pages \|website=SysTutorials \|access-date=2018-03-07}}</ref> This information is tracked and stored by the daemon rwhod, which is also used by the rwho command.<ref name="syst_rwhod"/> == Security == Those r-commands which involve user authentication (rcp, rexec, rlogin, and rsh) share several serious security vulnerabilities: * All information, including passwords, is transmitted unencrypted (making it vulnerable to interception). * The .rlogin (or .rhosts) file is easy to misuse. They are designed to allow logins without a [[password]], but their reliance on remote usernames, hostnames, and IP addresses is exploitable. For this reason many corporate system administrators prohibit .rhosts files, and actively scrutinize their networks for offenders. * The protocol partly relies on the remote party's rlogin client to provide information honestly, including source port and source host name. A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of [[Authentication\|authenticating]] other machines' identities, or ensuring that the requesting client on a trusted machine is the real rlogin client. * The common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of [[Network File System\|NFS's]] security faults automatically plague rlogin. Due to these problems, the r-commands fell into relative disuse (with many Unix and [[Linux]] distributions no longer including them by default). Many networks that formerly relied on rlogin and telnet have replaced them with [[Secure shell\|SSH]] and its rlogin-equivalent ''slogin''.<ref name="Sobell">{{cite book\|last=Sobell\|first=Mark\|title=A Practical Guide to Linux Commands, Editors, and Shell Programming\|ISBN=978-0-13-136736-4\|date=2010\|publisher=Pearson Education, Inc}}</ref><ref name="iu">{{cite web\|title=Unix job control command list\|publisher=Indiana University\|url=https://kb.iu.edu/d/afnw\|accessdate=20 December 2014}}</ref> == See also == * [[List of Unix commands]] * [[Secure Shell]] ==Notes==

Berkeley r-commands: Difference between revisions