Re: Re: [suse-security] libwrap supported services
Thx Armin,
Last time I had a look on a SLES9 box, there were no such list in allow or deny file. It seems that the implementation is a little different with workstation versions (including inetd/xinetd).
Do you think this is a complete list of services (with the files in /etc/xinetd.d, of course)?
Petteri
-----Original Message-----
From: Armin Schoech
Is there a list (or a way to find out in a running system) somewhere for libwrap supported services?
--> in SuSE 9.3 at least, there is a list of services and some other information in /etc/hosts.allow On my system it looks like: # /etc/hosts.allow # See `man tcpdX and `man 5 hosts_accessX for a detailed description # of /etc/hosts.allow and /etc/hosts.deny. # # short overview about daemons and servers that are built with # tcp_wrappers support: # # package name | daemon path | token # ---------------------------------------------------------------------------- # ssh, openssh | /usr/sbin/sshd | sshd, sshd-fwd-x11, sshd-fwd-<port> # quota | /usr/sbin/rpc.rquotad | rquotad # tftpd | /usr/sbin/in.tftpd | in.tftpd # portmap | /sbin/portmap | portmap # The portmapper does not verify against hostnames # to prevent hangs. It only checks non-local addresses. # # (kernel nfs server) # nfs-utils | /usr/sbin/rpc.mountd | mountd # nfs-utils | /sbin/rpc.statd | statd # # (unfsd, userspace nfs server) # nfs-server | /usr/sbin/rpc.mountd | rpc.mountd # nfs-server | /usr/sbin/rpc.ugidd | rpc.ugidd # # (printing services) # lprng | /usr/sbin/lpd | lpd # cups | /usr/sbin/cupsd | cupsd # The cupsd server daemon reports to the cups # error logs, not to the syslog(3) facility. # # All of the other network servers such as samba, apache or X, have their own # access control scheme that should be used instead. # # In addition to the services above, the services that are started on request # by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses # the last component of the server pathname as a token to match a service in # /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names. # HTH, Armin -- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
Hei,
Last time I had a look on a SLES9 box, there were no such list in allow or deny file. It seems that the implementation is a little different with workstation versions (including inetd/xinetd).
--> I don't have this list on my SuSE 9.1 box, only on SuSE 9.3 So probably you're right that it has been introduced only lately.
Do you think this is a complete list of services (with the files in /etc/xinetd.d, of course)?
--> I don't really know. But if you really want to be sure, you could use a command like "ldd /usr/sbin/* /sbin/* ..." to list all libraries used by the different programs. Then you have to look for "libwrap" to find the tcp-wrapper. This will list only programs using the shared version of libwrap, though. Programs compiled linking libwrap statically are probably much harder to nail down. Good luck! Armin -- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
Hello, Am Donnerstag, 17. November 2005 12:31 schrieb Armin Schoech: [...]
Do you think this is a complete list of services (with the files in /etc/xinetd.d, of course)?
--> I don't really know. But if you really want to be sure, you could use a command like "ldd /usr/sbin/* /sbin/* ..."
to list all libraries used by the different programs. Then you have to look for "libwrap" to find the tcp-wrapper. This will list only programs using the shared version of libwrap, though.
For a fast overview, you can also try rpm -q --whatrequires libwrap.so.0 ;-)
Programs compiled linking libwrap statically are probably much harder to nail down.
I guess rpm also doesn't know about them. Regards, Christian Boltz -- One of the main reasons for the downfall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs.
participants (3)
-
Armin Schoech -
Christian Boltz -
Petteri Hakkarainen