Date: Sat, 5 Jul 2003 10:39:49 -1000 (HST)
From: Vincent Poy <vince@oahu.WURLDLINK.NET>
To: "Scot W. Hetzel" <hetzels@westbend.net>
Cc: current@freebsd.org
Subject: Re: src/libexec/tcpd doesn't work correctly with -DPROCESS_OPTIONS
Message-ID: <20030705103037.A3146-100000@oahu.WURLDLINK.NET>
In-Reply-To: <001801c3432a$d5a23250$11fd2fd8@westbend.net>

On Sat, 5 Jul 2003, Scot W. Hetzel wrote:

> From: "Vincent Poy" <vince@oahu.WURLDLINK.NET>
> > Any ideas?
> >
> >
> According to the inetd man page:
>
>    TCP Wrappers
>      When given the -w option, inetd will wrap all services specified as
>      ``stream nowait'' or ``dgram'' except for ``internal'' services.  If the
>      -W option is given, such ``internal'' services will be wrapped.  If both
>      options are given, wrapping for both internal and external services will
>      be enabled.  Either wrapping option will cause failed connections to be
>      logged to the ``auth'' syslog facility.  Adding the -l flag to the
>      wrapping options will include successful connections in the logging to
>      the ``auth'' facility.
>      :
>      When wrapping is enabled, the tcpd daemon is not required, as that
>      functionality is builtin.
>      .....
>
> Also, /etc/defaults/rc.conf shows that inetd_flags has both '-w' and '-W'
> flags set.  If you are using the default flags to inetd, then you don't need
> to use tcpd to wrap your telnetd session.
>
> Did you change your inetd_flags?

Nope, I have the -wW by default.  I never knew inetd had builtin
wrappers but in that case, then it might be better but I remembered
tcp_wrappers was implemented into the base system and I thought it was in
tcpd since that binary is part of the world build process installation.

> I just tested the builtin tcp_wrappers in inetd, and had no problem with
> adding a banner to my ftpd and telnetd daemons without using the tcpd
> daemon.  But, when I changed the service to:
>
> ftp stream tcp nowait root /usr/libexec/tcpd ftpd -l
>
> and then killed -HUP the inetd process, the inetd process wanted the banner
> file to be called 'tcpd' instead of 'ftpd'.

Actually, it's working correctly for me with the ftpd name.

This is my /etc/inetd.conf for the ftpd line:

ftp stream tcp nowait root /usr/libexec/ftpd /usr/libexec/ftpd -l

This is what the hosts.allow line looks like:

telnetd,ftpd,rshd,rlogind : 208.201.244.
        : rfc931 : banners /etc/banners

This is my /etc/banners listing:

root@bigbang [1:33pm][/usr/local/sbin] >> dir /etc/banners
total 38
drwxr-xr-x   3 root  wheel  -  512 Sep  7  2002 .
drwxr-xr-x  18 root  wheel  - 3072 Jul  5 11:59 ..
-rw-r--r--   1 root  wheel  - 2026 Dec 12  1996 Makefile
drwxr-xr-x   2 root  wheel  -  512 Sep  6  2002 deny
-rw-r--r--   1 root  wheel  -  712 Sep  6  2002 deny.telnetd
-rw-r--r--   1 root  wheel  -  219 Sep  6  2002 fingerd
-rw-r--r--   1 root  wheel  -  215 Dec 15  1996 fingerd.bak
-rw-r--r--   1 root  wheel  - 1289 Dec 13  1996 fingerd.old
-rw-r--r--   1 root  wheel  -  634 Sep  6  2002 ftpd
-rwxr-xr-x   1 root  wheel  - 8192 Dec 12  1996 nul
-rw-r--r--   1 root  wheel  -  582 Sep  6  2002 prototype
-rw-r--r--   1 root  wheel  - 1289 Dec 16  1996 prototype.old
-rw-r--r--   1 root  wheel  -    0 Sep  6  2002 rlogind
-rw-r--r--   1 root  wheel  -  582 Sep  6  2002 rshd
-rw-r--r--   1 root  wheel  -  557 Sep  7  2002 sshd
-rw-r--r--   1 root  wheel  -  582 Sep  6  2002 telnetd

The only thing is that for IPs not defined, it would go straight to
the ftp login prompt and not deny access, I thought deny was default for
anything not defined?

> I also killed inetd, and started it with no flags.  But when I connected to
> the ftpd process, tcpd didn't display the banner (both tcpd and ftpd banner
> files were installed into the banner directory).

Yep, same here.

> So it looks like tcpd is broken when it comes to displaying banners.

So it wasn't my imagination. :-)  I wonder if there are actually any
differences between the tcp_wrappers in inetd and the one in tcpd or is
the inetd just the tcpd stuff all integrated and improved.

> I suggest you use inetd's builtin TCP Wrappers support, and forget using
> tcpd.

That's a good idea since I probably won't remember to fix tcpd if
there is a fix on each cvsup and then buildworld.

> Scot


Cheers,
Vince - vince@WURLDLINK.NET - Vice President              ________ __ ____
Unix Networking Operations - FreeBSD-Real Unix for Free  / / / / | / |[__ ]
WurldLink Corporation                                    / / / / | / | __] ]
San Francisco - Honolulu - Hong Kong                     / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin     /_/_/_/_/|___/|_|[____]
Almighty1@IRC - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
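
The matching behaviour behind the question about unlisted IPs, as an added example that is not part of the original message: hosts_access(5) grants access when no rule matches, so a list of permitted networks only restricts anything when a final deny rule follows it. The first rule is the one quoted in the message; the client addresses, the function names and the empty hosts.deny are assumptions.

```python
# Added example: a deliberately simplified model of hosts_access(5) matching.
# Supported: comma/space separated lists, the ALL wildcard, dotted address
# prefixes such as "208.201.244.", exact addresses, and allow/deny options.
# Assumption: /etc/hosts.deny is empty or absent, so only these rules apply.

# The rule quoted in the message, joined onto one line.
ORIGINAL = "telnetd,ftpd,rshd,rlogind : 208.201.244. : rfc931 : banners /etc/banners\n"
# Same rule plus an explicit catch-all deny as the last line.
HARDENED = ORIGINAL + "ALL : ALL : deny\n"


def parse_rules(text):
    """Return a list of (daemons, clients, verdict) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # Splitting on ':' is enough here; it would break on IPv6 literals.
        fields = [f.strip() for f in line.split(":")]
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        options = [o.lower() for o in fields[2:]]
        rules.append((daemons, clients, "deny" if "deny" in options else "allow"))
    return rules


def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "208.201.244." matches by prefix
        return addr.startswith(pattern)
    return pattern == addr


def check(rules, daemon, addr):
    """First matching rule wins; with no match, access is granted."""
    for daemons, clients, verdict in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
            client_matches(c, addr) for c in clients
        ):
            return verdict
    return "allow"


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("hardened", HARDENED)):
        for addr in ("208.201.244.10", "192.0.2.77"):   # constructed clients
            print(name, "ftpd", addr, "->", check(parse_rules(text), "ftpd", addr))
```
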