- Re: TCP Wrapper questions
04-02-2009 11:03 AM
Not knowing much about the wrappers (which will become very apparent as you read this), we proceeded to put the TCP wrapper entries into our /etc/inetd.conf (adding /usr/lbin/tcpd to the appropriate lines). We did the "inetd -c" after doing this to have the changes take effect.
We noticed that certain things worked with wrappers installed (like telnet, login, shell, exec, etc) but other things did not (like omni for our backups and some hacl protocols for serviceguard).
We are assuming that the things that don't work fail because we didn't do a hosts.allow file yet.
Now we're curious as to why anything works without hosts.allow. Why do FTP and Telnet (and RSH commands) work even though they are wrapped? Isn't the default behavior for the wrappers to be "deny" unless there are entries in hosts.allow?
Any other tips or examples for the Wrappers would also be appreciated.
Thanks!
04-02-2009 04:42 PM
Solution
Then only allow what is needed in the hosts.deny
According to my book (Red Hat) there are 3 stages of access tracking:
1-Is access explicitly permitted
2-Is access explicitly denied
3-Otherwise permit access.
So it will check hosts.allow to see if it is allowed; if it's not there it will check if it is denied, hence why I use ALL:ALL here. This then stops the 3rd point above.
Hope this helps.
04-02-2009 05:44 PM
Re: TCP Wrapper questions
Data Protector has its own security, since it only accepts connections from the cell manager, which is defined in the cell_server file, which is outside the realm of hosts.allow and hosts.deny.
04-08-2009 10:03 PM
Re: TCP Wrapper questions
From your profile: you have assigned points to 14 of 81 responses....
Thanks
Mark
04-09-2009 02:46 AM
Re: TCP Wrapper questions
In fact, most people make fun of the entire point system - the other day some people here at work were joking that the people who beg for points live in their parents' basement with the hopes of someday becoming a "Grand Wizard". (Their words, not mine.)
Obviously that's probably harsh - but the point is that many of us come here for answers when Google doesn't help and could care less who does the answering - we just want the answer. The "point system" gives the impression that we're somehow now involved in some kind of "geek olympics" and we'd rather just get our answer and then implement the solution - usually we don't have time in our busy work day to go back and assign points.
04-09-2009 02:54 AM
Re: TCP Wrapper questions
Anyway, I'm sure I just got put on the "don't ever answer this guy's questions" list, so it was nice getting free advice while it lasted.
PS - no one has answered our real question anyway (why does telnet work without the hosts.allow file), so I guess it doesn't matter.
04-09-2009 08:24 PM
Re: TCP Wrapper questions
There is that. ;-)
But you can assign 0 or some trivial amount of points.
http://forums.itrc.hp.com/service/forums/helptips.do?#34
04-10-2009 07:17 AM
Re: TCP Wrapper questions
04-11-2009 01:01 AM
Re: TCP Wrapper questions
As I said above: there are 3 stages of access tracking:
1-Is access explicitly permitted
2-Is access explicitly denied
3-Otherwise permit access.
So if you do not have ALL:ALL in hosts.deny then number 3 comes into play. So please let us know if you have a hosts.deny and what the content is.
AND - just for the record, my mother does not have a basement, she does have a rather nice attic. I am not aspiring to be a "grand wizard", I had a $100 bet with a colleague that I could get to "Royalty" before him - he is ahead and I am playing catch up. Perhaps that is just as sad.... ? I'm sure me and my colleagues may find some of your interests just as sad? NOW GIVE ME SOME BLOODY POINTS!!! :-) I WANT THIS $100.
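The three-stage check described in the replies above, as a simplified Python model (an added example, not part of the thread and not tcpd's own code). It follows the hosts_access(5) rule order, treats a missing file as empty, and supports only the ALL wildcard, exact names, address prefixes and hostname suffixes; the daemon names and addresses are constructed.

```python
# Simplified model of the hosts.allow / hosts.deny decision order.
# Subset of the pattern language only: ALL, exact match, "10.1." prefix, ".dom" suffix.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = [f.strip() for f in line.split(":")]
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):       # address prefix, e.g. "10.1."
        return addr.startswith(pattern)
    if pattern.startswith("."):     # hostname suffix, e.g. ".example.com"
        return host.endswith(pattern)
    return pattern in (addr, host)

def matches(rules, daemon, addr, host):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, addr, host) for p in clients)
               for daemons, clients in rules)

def access_granted(allow_text, deny_text, daemon, addr, host=""):
    """File contents as strings; pass "" for a file that does not exist."""
    if matches(parse_rules(allow_text), daemon, addr, host):
        return True      # stage 1: explicitly permitted
    if matches(parse_rules(deny_text), daemon, addr, host):
        return False     # stage 2: explicitly denied
    return True          # stage 3: otherwise permit

# Constructed sample policy: default deny, telnet/ftp from one subnet only.
DENY_ALL = "ALL: ALL\n"
ALLOW = "# admin subnet only\ntelnetd, ftpd: 10.1.\n"

def demo():
    return {
        "no files at all": access_granted("", "", "telnetd", "192.0.2.7"),
        "deny ALL, no allow": access_granted("", DENY_ALL, "telnetd", "192.0.2.7"),
        "deny ALL, inside subnet": access_granted(ALLOW, DENY_ALL, "telnetd", "10.1.4.9"),
        "deny ALL, outside subnet": access_granted(ALLOW, DENY_ALL, "telnetd", "192.0.2.7"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'granted' if ok else 'denied'}")
```

The first case is the situation in the original question: with neither file present, no rule matches in stage 1 or 2, so a wrapped service falls through to stage 3 and is permitted.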
04-13-2009 04:38 AM