Hi,
I have a SuSE (Linux 2.2.16) box and am trying to get tcpd to restrict access.
Effectively I want 1 machine to have telnet access, say x.x.x.x (a 102. style internal domain).
I have in /etc/inetd.
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
and in /etc/hosts.allow
telnet : x.x.x.x
try
in.telnetd : x.x.x.x
and in /etc/hosts.deny
telnet : ALL
try
in.telnetd : ALL
Wilko
Question is: why can anyone get on?
it is as if tcpd is not reading the /etc/hosts.* files
Thanks in advance.
Nigel
_____________________________________________________________________ This message has been checked for all known viruses by MessageLabs on behalf of Rentokil Initial plc
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Thanks All. Sorted. Reference in hosts.allow/deny should have been "in.telnetd".
I had read the man and man 5 pages but for some reason my brain said "use the service name" instead of "use the daemon name" even though it was quite clear in the example.
Thanks again.
Nigel

Wilko Heyl wrote:
Hi,
I have a SuSE (Linux 2.2.16) box and am trying to get tcpd to restrict access.
Effectively I want 1 machine to have telnet access, say x.x.x.x (a 102. style internal domain).
I have in /etc/inetd.
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
and in /etc/hosts.allow
telnet : x.x.x.x
try
in.telnetd : x.x.x.x
and in /etc/hosts.deny
telnet : ALL
try
in.telnetd : ALL
Wilko
Question is: why can anyone get on?
it is as if tcpd is not reading the /etc/hosts.* files
Thanks in advance.
Nigel
Thanks All. Sorted. Reference in hosts.allow/deny should have been "in.telnetd".
I had read the man and man 5 pages but for some reason my brain said "use the service name" instead of "use the daemon name" even though it was quite clear in the example.
Not necessarily:
request_init(&wrap_req, RQ_DAEMON, progname, RQ_FILE, s, NULL);
could be the initial call into the tcp-wrapper library. tcpd uses the last path portion of argv[0] to match against, but that does not have to be so - progname can be a char * to another string as well.
Just decided to hack libwrap support into lprng and lprold.
Thanks again.
Nigel
Thanks,
Roman.
--
Roman Drahtmüller
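
Added illustration, not part of any message in the thread and not libwrap code: a simplified Python model of the hosts_access(5) decision order, showing why the "telnet" entries let every client in while the "in.telnetd" entries restrict access. The addresses 192.0.2.10 and 198.51.100.7 are constructed stand-ins for x.x.x.x and an arbitrary other client; only exact names, ALL and dotted address prefixes are modelled.

```python
# Simplified model of hosts_access(5): hosts.allow is checked first, then
# hosts.deny, and a connection that matches neither file is GRANTED.

def parse(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(rules, daemon, client):
    """True if any rule names this daemon (or ALL) and this client."""
    for daemons, clients in rules:
        daemon_ok = any(d in ("ALL", daemon) for d in daemons)
        client_ok = any(c == "ALL" or c == client or
                        (c.endswith(".") and client.startswith(c))
                        for c in clients)
        if daemon_ok and client_ok:
            return True
    return False

def access(allow_text, deny_text, argv0, client):
    # tcpd matches on the last path component of argv[0] (the daemon name),
    # not on the service name in the first column of the inetd entry.
    daemon = argv0.rsplit("/", 1)[-1]
    if matches(parse(allow_text), daemon, client):
        return "granted (hosts.allow)"
    if matches(parse(deny_text), daemon, client):
        return "denied (hosts.deny)"
    return "granted (no rule matched)"

# Constructed sample files: the original entries and the corrected ones.
BROKEN_ALLOW, BROKEN_DENY = "telnet : 192.0.2.10", "telnet : ALL"
FIXED_ALLOW, FIXED_DENY = "in.telnetd : 192.0.2.10", "in.telnetd : ALL"

if __name__ == "__main__":
    for label, allow, deny in (("service name", BROKEN_ALLOW, BROKEN_DENY),
                               ("daemon name", FIXED_ALLOW, FIXED_DENY)):
        for client in ("192.0.2.10", "198.51.100.7"):
            print(label, client, access(allow, deny, "in.telnetd", client))
```

On a host with the tcp_wrappers utilities installed, `tcpdmatch in.telnetd <client>` evaluates the real files the same way.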
participants (3)
- Nigel Cox
- Roman Drahtmueller
- Wilko Heyl