[ale] Red Hat 7.1 TCP-Wrapper (/usr/sbin/tcpd) Problems
Chris Ricker
kaboom at gatech.edu
Sat Jun 23 03:15:38 EDT 2001
On Thu, 21 Jun 2001, VISH,GEORGE (HP-USA,ex1) wrote:
>
> Does anyone know how to properly configure tcpd to integrate
> into the new /etc/xinetd.d/* configuration files??? The man
> page for tcpd references older examples from RH6.2 using
> inetd.conf?!?
>
> I tried this in /etc/xinetd.d/telnet:
>
> service telnet
> {
> flags = REUSE
> socket_type = stream
> wait = no
> user = root
> server = /usr/sbin/tcpd #<--- Modified This
> server_args = /usr/sbin/in.telnetd #<--- Added This
> log_on_failure += USERID
> disable = no
> }
don't do that. xinetd is compiled against libwrap, so you don't have to
make any changes to the config files to get it to read hosts.allow and
hosts.deny
note that xinetd also has built-in internal support for host checking
similar to what tcp wrappers provides, so you can either do (example for
telnet) something like:
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
and then put the appropriate hosts in /etc/hosts.[allow deny] for the
/usr/sbin/in.telnetd service, or you could do it directly in xinetd by
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
only_from = good.guy.com
no_access = bad.cracker.com
}
later,
chris
--
Chris Ricker kaboom at gatech.edu
chris.ricker at genetics.utah.edu
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list