From: Steve Grandi
Date: Thu, 10 Jun 1999 15:14:55 -0700 (MST)
To: freebsd-stable@freebsd.org
Subject: amd and /etc/hosts.allow

Ever since the "tcpwrapper enabled" tasks came into use in stable, I can't
get amd to work. If I do something like

cd /host/orion/u3

I am hung forever: no response at all to the keyboard. Ps shows an amd
process stuck in D state.

If I reboot and remove /etc/hosts.allow, and then do the cd command, it
works fine.

So what am I DENYing in /etc/hosts.allow that I need to ALLOW? Any hints in
tracking this down?

I'm running 3.2-STABLE cvsuped today. Here is my /etc/hosts.allow:

#
# hosts.allow access control file for "tcp wrapped" apps.
# $Id: hosts.allow,v 1.2.2.2 1999/05/11 01:35:01 obrien Exp $
#
# NOTE: The hosts.deny file is not longer used. Instead, put both 'allow'
# and 'deny' rules in the hosts.allow file.
# see hosts_options(5) for the format of this file.
# hosts_access(5) no longer fully applies.

# This is an example! You will need to modify it for your specific
# requirements!

# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
# ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

# Prevent those with no reverse DNS from connecting.
#ALL : PARANOID : RFC931 20 : deny

# Allow anything from localhost and local networks
ALL: 127.0. : allow
ALL: 140.252. : allow
ALL : localhost : allow
ALL : noao.edu : allow
ALL : .noao.edu : allow

# Sendmail can help protect you against spammers and relay-rapers
#sendmail : localhost : allow
#sendmail : .nice.guy.example.com : allow
#sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow

# Portmapper is used for all RPC services; protect your NFS!
#portmap : localhost : allow
#portmap : .noao.edu : allow
#portmap : .evil.cracker.example.com : deny
portmap : ALL : allow

# Provide a small amount of protection for ftpd
#ftpd : localhost : allow
#ftpd : .nice.guy.example.com : allow
#ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow

# Block everything else
ALL : ALL : deny

# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a "finger war".
#fingerd : ALL \
# : spawn (echo Finger. | \
# /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
# : deny

# The rest of the daemons are protected. Backfinger and log by email.
#ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
# /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) &
# \
# : twist /bin/echo "You are not welcome to use %d from %h."

Steve Grandi, National Optical Astronomy Observatories/AURA Inc., Tucson AZ USA
Internet: grandi@noao.edu Voice: +1 520 318-8228
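
Added example, not part of the original message and not libwrap's own code: a simplified Python model of the "first match wins" evaluation, run over the active rules of the posted file, that reports which rule decides a given daemon/client pair. The function names, the client hosts and addresses passed in, and the restriction to the pattern forms this file uses (ALL, address prefix, domain suffix, exact name) are assumptions of the example.

```python
# Simplified first-match model of the posted hosts.allow (illustration only).
# Handles only ALL, "net." address prefixes, ".domain" suffixes, exact names,
# and a trailing allow/deny option; no escaped colons, netmasks or wildcards.
RULES = """\
ALL: 127.0. : allow
ALL: 140.252. : allow
ALL : localhost : allow
ALL : noao.edu : allow
ALL : .noao.edu : allow
sendmail : ALL : allow
portmap : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
"""

def parse(text):
    """Turn each active line into (daemons, client_patterns, verdict, line)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, fields[-1], line))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # address prefix, e.g. "140.252."
        return addr.startswith(pattern)
    if pattern.startswith("."):    # domain suffix, e.g. ".noao.edu"
        return host.lower().endswith(pattern.lower())
    return pattern.lower() in (host.lower(), addr)

def first_match(daemon, host, addr, rules=None):
    """Return (verdict, rule_text) for the first rule that matches."""
    for daemons, clients, verdict, line in rules or parse(RULES):
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, host, addr) for p in clients):
            return verdict, line
    return "allow", "(no rule matched)"  # unmatched requests are granted

if __name__ == "__main__":
    # Constructed (daemon, host, address) triples, not taken from any log.
    for probe in [("amd", "mirfak.tuc.noao.edu", "140.252.1.9"),
                  ("amd", "unknown", "192.0.2.10"),
                  ("portmap", "unknown", "192.0.2.10")]:
        print(probe, "->", first_match(*probe))
```

Feeding it the daemon name and the source address a wrapped service actually reports shows whether the request ends at an explicit allow line or falls through to the final `ALL : ALL : deny`.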