1834178
Members
2190
Online
110064
Solutions
Those entries look bogus to me. The syntax for allow/deny entries is spelled out in the inetd.sec man page. Here is the relevant snippet of how the host/network portion of the entry is specified:
_________________________________________
For example, to allow all hosts with network addresses starting with a 10, as well as the single host with address 192.54.24.5 to use rlogin:
login allow 10.* 192.54.24.5
On a system running NFS, deny host 192.54.24.5 access to sprayd, an RPC-based server:
sprayd deny 192.54.24.5
A range is a field containing a - character. To deny hosts in network 10 (arpa) with subnets 3 through 5 access to remsh:
shell deny 10.3-5.*
The following entry denies rlogin access to host cory.berkeley.edu, any hosts on the network named testlan, and the host with internet address 192.54.24.5:
login deny 192.54.24.5 cory.berkeley.edu testlan
_________________________________________
As you can see, the proper syntax is either a true ###.###.###.### notation or some abbreviated version using wildcards and range characters.
I've never seen entries like the ones in your file. While some of the numbers in the entries could potentially be part of an IP address or network address, others - like any number with more than 3 characters, or any 3 digit numbers greater than 255 - are not valid IP address values.
Has this configuration been working at your site?
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
_________________________________________
For example, to allow all hosts with network addresses starting with a 10, as well as the single host with address 192.54.24.5 to use rlogin:
login allow 10.* 192.54.24.5
On a system running NFS, deny host 192.54.24.5 access to sprayd, an RPC-based server:
sprayd deny 192.54.24.5
A range is a field containing a - character. To deny hosts in network 10 (arpa) with subnets 3 through 5 access to remsh:
shell deny 10.3-5.*
The following entry denies rlogin access to host cory.berkeley.edu, any hosts on the network named testlan, and the host with internet address 192.54.24.5:
login deny 192.54.24.5 cory.berkeley.edu testlan
_________________________________________
As you can see, the proper syntax is either a true ###.###.###.### notation or some abbreviated version using wildcards and range characters.
I've never seen entries like the ones in your file. While some of the numbers in the entries could potentially be part of an IP address or network address, others - like any number with more than 3 characters, or any 3 digit numbers greater than 255 - are not valid IP address values.
Has this configuration been working at your site?
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]