Date: Mon, 23 Apr 2001 15:00:11 -0400
From: Bob Johnson <bob@eng.ufl.edu>
To: Odhiambo Washington <wash@wananchi.com>
Cc: questions@freebsd.org
Subject: Re: tcpd
Message-ID: <3AE47BBB.D3FD1B8E@eng.ufl.edu>
References: <3AE41E55.293F84B0@eng.ufl.edu> <20010423153231.D60530@everest.wananchi.com> <3AE42889.A680050F@eng.ufl.edu> <20010423165457.G60530@everest.wananchi.com>

Odhiambo Washington wrote:
>
> * Bob Johnson <bob@eng.ufl.edu> [20010423 16:04]: writing on the subject 'Re: tcpd'
> Bob> Odhiambo Washington wrote:
> Bob> >
> Bob> > * Bob Johnson <bob@eng.ufl.edu> [20010423 15:20]: writing on the subject 'Re: tcpd'
[...]
> Bob> > Thanks for the prompt reply.
> Bob> > I must have read that tcp wrappers are now part of the base system.
> Bob> > But now I have a perl script whose owners say MUST be wrapped. So they say
> Bob> > I have to add the etc/services this line:
> Bob> > UnixMgmt 3830/tcp
> Bob> >
> Bob> > Then I have to wrap the thing this way in inetd.conf
> Bob> >
> Bob> > UnixMgmt stream tcp nowait root path/to/tcpd /path/to/script.pl
> Bob> >
> Bob> > How do you suppose I can go about this?
> Bob> > Of course the instructions they gave are for a linux machine. I only need
> Bob> > to wrap the same in our nice daemon.
> Bob> >
> Bob> > Getting a port for it seems a bit out of the way.......
> Bob> >
> Bob> > -Wash
> Bob> >
> Bob>
> Bob>
> Bob> I really don't know. I haven't had to deal with that situation.
> Bob> Post the details about what you need to do to the freebsd-questions
> Bob> list and someone can probably help.
> Bob>
> Bob> I looked at the tcp_wrappers port and it will not want to install
> Bob> itself in a 4.x system. I don't know how you are supposed to work
> Bob> around that.
> Bob>
> Bob> - Bob
>
> Someone in the -questions list suggested that as long as I have the
> entry in etc/services, I should try having the thing wrapped via
> hosts.allow and see what the results would be. So I will give it a shot
> and revert back with a report.
>

After thinking about it, I think that is exactly what you need to do.
Add the appropriate line to /etc/inetd.conf, and because inetd has
tcpwrapper support built in, the service will be wrapped automatically.
You don't need to add a reference to tcpd in inetd.conf, so it will be
something like

    UnixMgmt stream tcp nowait root path/to/script.perl script.perl -anyscriptoptions

You will need to edit /etc/hosts.allow:

First, comment out the line that says

    ALL : ALL : allow

Next, edit the rest of the file to make sense for your network.

Finally, add something like this _before_ the last entry (the one that
starts ALL : ALL : \ )

    # allow only local network users to access UnixMgt service
    script.perl : 192.168.123.0/255.255.255.0 : allow
    script.perl : ALL : deny

And then kill -HUP inetd to load all of the new config info.

You can test to see what your tcp filters are doing with something like

    tcpdmatch script.perl 192.168.123.4

and it will tell you whether that address is allowed access or not.

> Thank you so much for your time.
>
> -Wash
>

I don't know that this is exactly right, but it should be real close.

- Bob

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
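
The rule ordering described in the reply above, as an added example that is not part of the original message: a small Python model of first-match evaluation over /etc/hosts.allow, showing why the leading `ALL : ALL : allow` line has to be commented out before the per-service rules take effect. The function names and the outside address 203.0.113.9 are constructed for illustration, and the model handles only `ALL`, literal daemon names, single addresses, net/mask patterns, and the `allow`/`deny` options.

```python
import ipaddress

# Constructed sample: the default allow-everything line left in place.
SHADOWED = """\
ALL : ALL : allow
script.perl : 192.168.123.0/255.255.255.0 : allow
script.perl : ALL : deny
"""
# Same rules with the first line commented out, as the reply instructs.
FIXED = "#" + SHADOWED


def parse_rules(text):
    """Parse 'daemons : clients : option' lines, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients, action = [f.strip() for f in line.split(":", 2)]
        rules.append((daemons.split(), clients.split(), action))
    return rules


def client_matches(pattern, addr):
    """Match one client pattern: ALL, net/mask, or a single address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return addr in ipaddress.ip_network(pattern)
    return addr == ipaddress.ip_address(pattern)


def decide(rules, daemon, client):
    """Return (action, rule_number) for the first matching rule."""
    addr = ipaddress.ip_address(client)
    for number, (daemons, clients, action) in enumerate(rules, 1):
        daemon_ok = "ALL" in daemons or daemon in daemons
        if daemon_ok and any(client_matches(c, addr) for c in clients):
            return action, number
    # No rule matched: tcp wrappers grant access by default.
    return "allow", None


if __name__ == "__main__":
    for label, text in (("shadowed", SHADOWED), ("fixed", FIXED)):
        rules = parse_rules(text)
        for client in ("192.168.123.4", "203.0.113.9"):
            print(label, client, decide(rules, "script.perl", client))
```

On the real system, tcpdmatch remains the authoritative check, since it reads the installed file and understands the full hosts_access syntax.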