Date:      Thu, 5 Apr 2001 05:32:56 -0500
From:      Mike Meyer <mwm@mired.org>
To:        Brennan Stehling <brennan@offwhite.net>
Cc:        questions@freebsd.org
Subject:   Re: custom inetd service
Message-ID:  <15052.18904.249714.331455@guru.mired.org>
In-Reply-To: <29188904@toto.iv>

Brennan Stehling <brennan@offwhite.net> types:
> I had a friend who has been slowly converting over to FreeBSD ask me about
> doing some interesting maintenance on multiple systems.  He is managing a
> few servers that should have a synchronized configuration.  I believe it is
> for firewalls.  He is a Network Admin.

Rather than rolling your own solution, have him look at rdist. That's
pretty much exactly what you describe: a config file on the root
system describing what files get copied where, and a command you run
on that system that contacts the remote servers and arranges to update
their configuration files. It even has hooks for running commands on
the remote system so the change in configuration can be activated.

	<mike

> What he wanted to know is if there is a way to enter a change on one
> system and have that take effect right away on the other systems
> instantly.  I do not believe that NIS would be appropriate here.  Here is
> what I thought would be a good solution, but I would need to learn a
> couple things first.
> 
> What I could do is write a perl script which can take a remote request
> which would come in through inetd and invoke this script to fulfill 
> the request.  Since it is going through inetd I could use /etc/hosts.allow to
> control access.  Then on the root system he would run the client script
> and make his request and it would open a connection to the remote servers
> and attempt to send the request.  I suppose I could have a config file
> which would list all hosts which would be a part of this distributed
> configuration.
> 
> So I need to learn about 2 key parts and would like any opinions on this
> implementation.  If you have a better way to do it, I would be happy to
> read your suggestion.
> 
> Here are the 2 things I need to learn:
> 
> 1) How does the script get picked up by inetd?  The inetd process will
> listen on the port that I set up, but how does the script do the rest?  I
> suppose the script should open a socket for reading and writing, but I am
> confused on what port it should be communicating.  I am confused in
> general in this area.
> 
> 2) How do I classify the custom service so that I can enter access control
> in /etc/hosts.allow?  I believe like with a service like telnetd I can
> simply use the name of the script as the name I enter in the hosts.allow
> file.  But still yet, I am unsure if that does the whole job.  It seems
> that tcpwrappers have been integrated nicely into most daemon processes
> lately and they may link into shared libraries which check for
> authentication and authorization.  But inetd itself may be doing that.  I
> am hoping inetd is doing the work for me so my script can be dumb and
> simply do its thing.
> 
> I will try to find any information on this topic, but it seems to be an
> uncommon thing.  I may not find much which will help me.
> 
> Brennan Stehling - software developer and system administrator
>   my projects: 
>        home.offwhite.net (free personal hosting)
>        www.greasydaemon.com (bsd search)
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
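
The rdist setup described in the reply above, sketched as a Distfile. This is an added example, not part of the original message; the host names, file paths, reload script and mail address are all assumptions chosen for illustration.

```conf
# Distfile kept on the master host (constructed example; every name is a placeholder)

# Hosts that must carry the same firewall configuration.
FIREWALLS = ( fw1.example.org fw2.example.org )

# Files pushed from the master to each host.
RULES = ( /usr/local/etc/fw.rules /usr/local/etc/fw.tables )

${RULES} -> ${FIREWALLS}
	install ;
	# Runs on the remote host after fw.rules has been updated there,
	# so the new configuration is activated (hypothetical reload script).
	special /usr/local/etc/fw.rules "/usr/local/sbin/reload-fw" ;
	# Mail a list of the files that changed.
	notify admin@example.org ;
```

Running `rdist -n -f Distfile` on the master prints the commands without executing them; dropping `-n` performs the update.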
