TINI Hardening Page

Putting your TINI on the Internet means that anybody can try to login to it. This page provides steps that you can take to make your TINI less susceptible to hacking. You can use TEd to edit files on TINI.

TINI OS Beta 2.2

  1. Create an account (other than root) that has an ID of 128. Use a "good" password.

    useradd -n <username> -p <password> -i 128

  2. Login as the new user.

  3. Delete the guest account using the userdel command (it will not delete the root user)

    userdel guest

  4. Manually edit the /etc/passwd file and change the line for root from

    root:b9f0b678328e5f506c0290ca3b4edba1943462d9:128

    to

    root:*:0

    This will create an inactive root account with non-superuser privileges that cannot be used to login.

  5. Be sure to enable anonymous and root FTP access. This can be accomplished by removing the two lines shown here in red to your /etc/.startup file (if they are present). You will have to reboot for this to take effect. As counter-intuitive as this seems, it avoids a bug in the TINI OS Beta 2.2. FTP server which can leave your TINI wide open. Fortunately(?), anonymous FTP does not seem to work in TINI OS Beta 2.2 and root logins are impossible due to the lack of an encrypted password in root's passwd entry. 
    ########
#Autogen'd slush startup file
setenv FTPServer active
setenv TelnetServer active
setenv SerialServer active
##
#Add user calls to setenv here:
setenv FTP_ALLOW_ANON false
setenv FTP_ALLOW_ROOT false
##
initializeNetwork
########
#Add other user additions here:
These steps cannot guarantee that your TINI won't get hacked, but it will go a long way towards making it harder to hack your TINI.

If you know of any other additional hardening techniques for TINI, please send them to TINI_Hardening@smartsc.com.

This page is part of the Unofficial TINI Information Site.
Copyright © 1999,2000,2001 Smart Software Consulting