tcp wrappers problem
From: roy gordon (royg_at_semantic.com)
Date: 08/27/03
- Previous message: Henrik Falk: "Re: National Security Backdoor in telnetd - all versions."
- Next in thread: Casper H.S. ***: "Re: tcp wrappers problem"
- Reply: Casper H.S. ***: "Re: tcp wrappers problem"
Date: 26 Aug 2003 16:58:13 -0700
We have some problems getting tcp wrappers on Solaris 8 to work
properly.
We're using the tcp_wrappers_7.6-ipv6 source, and made the appropriate
Makefile changes. (I'll include the Make line, below.)
However, I cannot get username@host to work, nor does hosts.allow seem
to work properly.
We've kept the daemons in their original place and have modified the
inetd.conf file. tcpdchk reports no problems.
In the test setup there are two remote machines: simba and maya (this
is on an internal network, so there's nothing further).
Here's what hosts.allow is:
    ALL: simba: ALLOW
    ALL: ALL: DENY
There is no hosts.deny.
What happens here is that I can log in from both simba and maya,
although it seems that maya should be prohibited.
tcpdmatch seems also to indicate that telnet from maya will be granted
even though we see that the command is DENY. However, if I add maya to
the hosts.deny file, then connections will be refused.
    fern<rgordon>35: tcpdmatch in.telnetd simba
    client: hostname simba
    client: address xxx.yyy.xxx.yyy
    server: process in.telnetd
    matched: /etc/hosts.allow line 1
    command: ALLOW
    access: granted
    fern<rgordon>36: ^simba^maya
    tcpdmatch in.telnetd maya
    client: hostname maya
    client: address xxx.xxx.xxx.xxx
    server: process in.telnetd
    matched: /etc/hosts.allow line 2
    command: DENY
    access: granted
    fern<rgordon>37:
In any case, however, username@host, e.g., rgordon@maya won't work (if
we added the following line, for example, to hosts.allow):
    ALL: rgordon@maya ALLOW
Even though tcpdmatch indicates that it should:
    fern<rgordon>39: tcpdmatch in.telnetd rgordon@maya
    client: hostname mayxx.xx.xxx.xxx
    client: username rgordon
    server: process in.telnetd
    matched: /etc/hosts.allow line 2
    command: ALLOW
    access: granted
------------------------ Make output -----------------------
fern<rgordon>45: make sunos5
cc -O -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP
-DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
-DSOLARIS_24_GETHOSTBYNAME_BUG -DDAEMON_UMASK=022
-DREAL_DAEMON_DIR=\"/usr/sbin\" -DSEVERITY=LOG_INFO
-DRFC931_TIMEOUT=10 -DHOSTS_DENY=\"/etc/hosts.deny\"
-DHOSTS_ALLOW=\"/etc/hosts.allow\" -DTLI -DALWAYS_HOSTNAME
-DHAVE_IPV6 -c tcpd.c
:
:
[ etc. ]
cc -O -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP
-DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
-DSOLARIS_24_GETHOSTBYNAME_BUG -DDAEMON_UMASK=022
-DREAL_DAEMON_DIR=\"/usr/sbin\" -DSEVERITY=LOG_INFO
-DRFC931_TIMEOUT=10 -DHOSTS_DENY=\"/etc/hosts.deny\"
-DHOSTS_ALLOW=\"/etc/hosts.allow\" -DTLI -DALWAYS_HOSTNAME
-DHAVE_IPV6 -o tcpd tcpd.o libwrap.a -lsocket -lnsl
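
Added example (not part of the original message, and not tcp_wrappers code): a simplified Python model of the rule evaluation described in hosts_access(5) and hosts_options(5), run against the hosts.allow shown above. It assumes the ALLOW/DENY keywords are honoured only when the library is built with -DPROCESS_OPTIONS, a flag that does not appear in the Make output quoted in the message; the function names and the `process_options` parameter are hypothetical.

```python
# Simplified model of tcpd rule evaluation (hosts_access(5) / hosts_options(5)).
# Only the ALL wildcard and exact host names are modelled.
import re

# Constructed copy of the hosts.allow from the message; there is no hosts.deny.
HOSTS_ALLOW = ["ALL: simba: ALLOW", "ALL: ALL: DENY"]
HOSTS_DENY = []


def _matches(patterns, value):
    """True if any whitespace/comma separated pattern is ALL or equals value."""
    toks = [t for t in re.split(r"[\s,]+", patterns.strip()) if t]
    return any(t == "ALL" or t.lower() == value.lower() for t in toks)


def _first_match(table, daemon, client):
    """Return (line_number, remaining_fields) of the first matching rule."""
    for lineno, line in enumerate(table, 1):
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2 and _matches(fields[0], daemon) and _matches(fields[1], client):
            return lineno, fields[2:]
    return None


def check(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY, process_options=False):
    """Return (granted, explanation) for one connection request."""
    hit = _first_match(allow, daemon, client)
    if hit:
        lineno, rest = hit
        if process_options and rest:
            # Extended syntax: the last field may be the keyword ALLOW or DENY.
            verdict = rest[-1].upper()
            if verdict in ("ALLOW", "DENY"):
                return verdict == "ALLOW", f"hosts.allow line {lineno} option {verdict}"
        # Basic syntax: any hosts.allow match grants; extra text is a shell command.
        cmd = ":".join(rest)
        return True, f"hosts.allow line {lineno} command {cmd!r}"
    hit = _first_match(deny, daemon, client)
    if hit:
        return False, f"hosts.deny line {hit[0]}"
    return True, "no rule matched"


if __name__ == "__main__":
    for host in ("simba", "maya"):
        for opts in (False, True):
            print(host, "PROCESS_OPTIONS" if opts else "basic", check("in.telnetd", host, process_options=opts))
```

In the basic syntax the same policy is written as `ALL: simba` in hosts.allow and `ALL: ALL` in hosts.deny, which the model evaluates as denied for maya and granted for simba.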