From owner-freebsd-questions Tue Apr 27 12:50:38 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mta1-rme.xtra.co.nz (mta.xtra.co.nz [203.96.92.1])
	by hub.freebsd.org (Postfix) with ESMTP id 03A6F15445
	for ; Tue, 27 Apr 1999 12:50:31 -0700 (PDT)
	(envelope-from junkmale@pop3.xtra.co.nz)
Received: from wocker ([210.55.152.128]) by mta1-rme.xtra.co.nz
	(InterMail v04.00.02.07 201-227-108) with SMTP
	id <19990427195221.TXDN5596385.mta1-rme@wocker>;
	Wed, 28 Apr 1999 07:52:21 +1200
From: "Dan Langille"
Organization: The FreeBSD Diary
To: Zulkarnain
Date: Wed, 28 Apr 1999 07:50:29 +1200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: tcp_wrappers
Reply-To: junkmale@xtra.co.nz
Cc: freebsd-questions@FreeBSD.ORG
In-reply-to:
X-mailer: Pegasus Mail for Win32 (v3.01d)
Message-Id: <19990427195221.TXDN5596385.mta1-rme@wocker>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 27 Apr 99, at 20:28, Zulkarnain wrote:

> I have installed tcp_wrappers-7.6 on FreeBSD 3.1R, but deeply hard to
> configure it. I tried to monitor and filter incoming requests for FINGER,
> and TELNET, but still not working correctly. The log I got still :
>
> Apr 26 17:53:07 pinto telnetd[5607]: connect from ns.wasantara.net.id
> Apr 26 17:54:17 pinto telnetd[5616]: connect from lpki.linux.or.id
>
> what I expect from running tcp_wrappers is to get log like :
>
> Jan 10 15:49:41 ngatoto telnetd[1758]: connect from wocker.dvl-software.com
> Jan 10 15:49:58 ngatoto login: login from wocker.dvl-software.com on ttyp2 as mike

Wait! Hold on! You're not going to get those in your logs unless *I*
start trying to login to your machine.

> here is my config :
>
> ----- /etc/inetd.conf ---------
> telnet stream tcp nowait root /usr/local/libexec/tcpd telnetd
> finger stream tcp nowait nobody /usr/local/libexec/tcpd fingerd -s -l
> --------------

That looks right. I also use the -h option on telnetd.

> ------ /etc/syslog.conf -----
> # $Id: syslog.conf,v 1.9 1998/10/14 21:59:55 nate Exp $
> #
> # Spaces are NOT valid field separators in this file.
> # Consult the syslog.conf(5) manpage.
> *.err;kern.debug;auth.notice;mail.crit	/dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
> mail.info	/var/log/maillog
> lpr.info	/var/log/lpd-errs
> cron.*	/var/cron/log
> *.err	root
> *.notice;news.err	root
> *.alert	root
> *.emerg	*
> # uncomment these if you're running inn
> # news.crit	/var/log/news/news.crit
> # news.err	/var/log/news/news.err
> # news.notice	/var/log/news/news.notice
> !startslip
> *.*	/var/log/slip.log
> !ppp
> *.*	/var/log/ppp.log
> !ftpd
> *.*	/var/log/ftpd
> !fingerd
> *.*;daemon.notice	/var/log/fingerd
> auth.*;authpriv.*	/var/log/auth.log
> local0.*	/var/log/tcpd.log
> local0.info;local0.debug	/var/log/firewall.log
> local0.err	/var/log/firewall.err
> !popper
> *.*	/var/log/popper.log
> !telnetd
> *.*	/var/log/telnetd

I am not sure what the problem is here. I *think* it may be the
auth.notice bit in the /dev/console. Does the missing message appear on
the console? Try changing "auth.notice" to "auth.none;authpriv.none" on
the /dev/console line and see what happens. Again, I'm guessing.

>
> --------- /usr/local/etc/hosts.allow
> ALL: ALL: ALLOW
> telnetd:ALL@ALL
> fingerd:ALL@ALL
> ---------------

I would recommend adding "ALL: ALL: DENY" to the end of this file. That,
by default, will deny everything. That's a basic principle of security.
Deny everything. Allow only what you want. If you choose that route,
remember to remove the ALL: ALL: ALLOW.

--
Dan Langille - DVL Software Limited
The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System - http://www.racingsystem.com/racingsystem.htm

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
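
Added example, not part of the original message or of tcp_wrappers itself: a small audit of the hosts.allow rule order discussed in the reply, run on the file as posted and on the file after the suggested change. The function names are hypothetical, and the code assumes the hosts_options(5) syntax used in the message, with the search stopping at the first matching rule as hosts_access(5) describes.

```python
# Added example: audit a tcp_wrappers hosts.allow for rule-order problems.
# Assumes hosts_options(5) syntax (daemon_list : client_list : option ...),
# first matching rule wins, and no "\:" escapes or line continuations.

def parse_rules(text):
    """Return (lineno, daemons, clients, action) for each rule, in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # not a "daemon_list : client_list" rule
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        action = "allow"  # a hosts.allow rule with no option grants access
        for opt in fields[2:]:
            if opt.lower() in ("allow", "deny"):
                action = opt.lower()
        rules.append((lineno, daemons, clients, action))
    return rules

def audit(text):
    """List findings: shadowed rules, allow-everything, missing default deny."""
    rules = parse_rules(text)
    findings = []
    for i, (lineno, daemons, clients, action) in enumerate(rules):
        if daemons == ["ALL"] and clients == ["ALL"]:  # matches every request
            if action == "allow":
                findings.append((lineno, "catch-all ALLOW admits every client"))
            for later in rules[i + 1:]:
                findings.append((later[0], f"never evaluated: line {lineno} matches first"))
            break
    else:
        findings.append((0, "no closing ALL: ALL: DENY rule"))
    return findings

# The hosts.allow quoted in the message, and the same file after the advice
# in the reply (catch-all ALLOW removed, ALL: ALL: DENY added at the end).
AS_POSTED = "ALL: ALL: ALLOW\ntelnetd:ALL@ALL\nfingerd:ALL@ALL\n"
AS_ADVISED = "telnetd:ALL@ALL\nfingerd:ALL@ALL\nALL: ALL: DENY\n"

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(name, audit(text) or "no findings")
```

On the file as posted, the telnetd and fingerd lines are reported as never evaluated because the first line already matches every request.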