[2026] in linux-security and linux-alert archive
[linux-security] Problem with TCP_wrappers
daemon@ATHENA.MIT.EDU (Jan-Philip Velders)
Wed Aug 5 05:02:02 1998
Date: Wed, 5 Aug 1998 10:30:03 +0200 (CEST)
From: Jan-Philip Velders <jpv@jvelders.tn.tudelft.nl>
To: linux-security@redhat.com
cc: jpv@aacc.nl
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Hi,
I'm running into something weird here.
I'm using RH5.1 with tcp_wrappers 7.6.
The syntax for hosts.allow and hosts.deny is:
<service list> : <access list> [ : <shell_command> ]
Everything works when I _don't_ use the shell_command.
I used the _exact_ line as in the man-pages utilising "safe_finger" (comes
with tcp_wrappers), tcpdchk will break on it. And the tcp_wrappers will
"ignore" the line, in my test I used a default deny and opened up ftp to
all and put the safe_finger line in; result: I can't ftp to localhost or
from any other machine via TCP/IP...
Does anybody know if this is standard behaviour under RH5.1 ?
I do like to use the feature to log all the info tcp_wrappers can obtain
about the remote-side.
The tcp_wrappers also have a special compile-time-option which gives more
functionality with all the rules, but then you have to combine all the rules
into _one_ file "hosts.access" (I think!), and hosts.{allow,deny} don't
function. But it doesn't look like it's compiled that way
(-DPROCESS_OPTIONS)...
Can somebody shine a light on this ?
Thanks in advance!
Greetings,
Jan-Philip Velders
<jpv@aacc.nl>
<jpv@jvelders.tn.tudelft.nl>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Nederlandse Linux GebruikersGroep : http://www.nllgg.nl |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
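Added example, not part of the original message and not tcp_wrappers code: a small Python sketch of how the third field of a rule reads under the classic language quoted in the post versus the extended language of hosts_options(5), which a -DPROCESS_OPTIONS build uses. The sample rules and the safe_finger and mail paths are constructed, and the sketch does not tell you how any particular RH5.1 binary was built.

```python
import re

# Option keywords of the extended rule language (hosts_options(5)).
OPTIONS = {"allow", "deny", "spawn", "twist", "keepalive", "linger", "rfc931",
           "banners", "nice", "setenv", "umask", "user", "group", "severity"}
UNESCAPED_COLON = r"(?<!\\):"

def check_rule(line, process_options):
    """Classify one hosts.allow/hosts.deny rule as (kind, detail).

    process_options=False models the classic language quoted in the post,
    True models a library built with -DPROCESS_OPTIONS.
    """
    parts = [p.strip() for p in re.split(UNESCAPED_COLON, line, maxsplit=2)]
    if len(parts) < 2 or not parts[0] or not parts[1]:
        return ("rejected", "need <service list> : <access list>")
    if len(parts) == 2 or not parts[2]:
        return ("plain", "no third field")
    rest = parts[2]
    if not process_options:
        # Classic: the whole remainder, colons included, is handed to the shell.
        return ("shell-command", rest)
    names = []
    for opt in re.split(UNESCAPED_COLON, rest):
        # Extended: an option name runs up to the first blank or '='.
        m = re.match(r"[^\s=]+", opt.strip())
        name = m.group(0) if m else ""
        if name not in OPTIONS:
            return ("rejected", "unknown option %r" % name)
        names.append(name)
    return ("options", ",".join(names))

# Constructed sample rules; the safe_finger and mail paths are placeholders.
PLAIN = "in.ftpd : ALL"
OLD = "in.ftpd : ALL : (/usr/sbin/safe_finger -l @%h | /bin/mail -s %d-%h root) &"
NEW = "in.ftpd : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s %d-%h root) &"

if __name__ == "__main__":
    for rule in (PLAIN, OLD, NEW):
        for ext in (False, True):
            print(ext, check_rule(rule, ext), "<-", rule)
```

On the real system, tcpdchk -v prints how the installed library parses each rule, which is the authoritative check.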