Date: Wed, 28 Apr 1999 07:50:29 +1200
From: "Dan Langille" <junkmale@xtra.co.nz>
To: Zulkarnain <zul@unsyiah.ac.id>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: tcp_wrappers
Message-ID: <19990427195221.TXDN5596385.mta1-rme@wocker>
In-Reply-To: <Pine.BSF.4.05.9904271953150.593-100000@pinto.unsyiah.ac.id>

On 27 Apr 99, at 20:28, Zulkarnain wrote:

> I have installed tcp_wrappers-7.6 on FreeBSD 3.1R, but deeply hard to
> configure it. I tried to monitor and filter incoming requests for FINGER,
> and TELNET, but still not working correctly. The log I got still :
>
> Apr 26 17:53:07 pinto telnetd[5607]: connect from ns.wasantara.net.id
> Apr 26 17:54:17 pinto telnetd[5616]: connect from lpki.linux.or.id
>
> what I expect from running tcp_wrappers is to get log like :
>
> Jan 10 15:49:41 ngatoto telnetd[1758]: connect from wocker.dvl-software.com
> Jan 10 15:49:58 ngatoto login: login from wocker.dvl-software.com on ttyp2 as mike

Wait! Hold on! You're not going to get those in your logs unless *I*
start trying to login to your machine. <grin>

> here is my config :
>
> ----- /etc/inetd.conf ---------
> telnet stream tcp nowait root /usr/local/libexec/tcpd telnetd
> finger stream tcp nowait nobody /usr/local/libexec/tcpd fingerd -s -l
> --------------

That looks right. I also use the -h option on telnetd.

> ------ /etc/syslog.conf -----
> # $Id: syslog.conf,v 1.9 1998/10/14 21:59:55 nate Exp $
> #
> # Spaces are NOT valid field separators in this file.
> # Consult the syslog.conf(5) manpage.
> *.err;kern.debug;auth.notice;mail.crit	/dev/console
> *.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
> mail.info	/var/log/maillog
> lpr.info	/var/log/lpd-errs
> cron.*	/var/cron/log
> *.err	root
> *.notice;news.err	root
> *.alert	root
> *.emerg	*
> # uncomment these if you're running inn
> # news.crit	/var/log/news/news.crit
> # news.err	/var/log/news/news.err
> # news.notice	/var/log/news/news.notice
> !startslip
> *.*	/var/log/slip.log
> !ppp
> *.*	/var/log/ppp.log
> !ftpd
> *.*	/var/log/ftpd
> !fingerd
> *.*;daemon.notice	/var/log/fingerd
> auth.*;authpriv.*	/var/log/auth.log
> local0.*	/var/log/tcpd.log
> local0.info;local0.debug	/var/log/firewall.log
> local0.err	/var/log/firewall.err
> !popper
> *.*	/var/log/popper.log
> !telnetd
> *.*	/var/log/telnetd

I am not sure what the problem is here. I *think* it may be the
auth.notice bit in the /dev/console. Does the missing message appear on
the console? Try changing "auth.notice" to "auth.none;authpriv.none" on
the /dev/console line and see what happens. Again, I'm guessing.

>
> --------- /usr/local/etc/hosts.allow
> ALL: ALL: ALLOW
> telnetd:ALL@ALL
> fingerd:ALL@ALL
> ---------------

I would recommend adding "ALL: ALL: DENY" to the end of this file. That,
by default, will deny everything. That's a basic principle of security.
Deny everything. Allow only what you want. If you choose that route,
remember to remove the ALL: ALL: ALLOW.

--
Dan Langille - DVL Software Limited
The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System - http://www.racingsystem.com/racingsystem.htm

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
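
Added example (not part of the original message and not tcp_wrappers code): a simplified Python model of first-match rule evaluation, run over the posted hosts.allow and over the layout recommended in the reply, to show which rule decides each connection. It assumes an empty hosts.deny and models only ALL and literal names; the function names and the ftpd probe are illustrative.

```python
# Added example: simplified first-match model of hosts.allow (not tcpd itself).
POSTED = "ALL: ALL: ALLOW\ntelnetd:ALL@ALL\nfingerd:ALL@ALL\n"       # as quoted
RECOMMENDED = "telnetd:ALL@ALL\nfingerd:ALL@ALL\nALL: ALL: DENY\n"   # per the reply

def parse(text):
    """Return [(lineno, daemon_patterns, client_patterns, verdict), ...]."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # not a daemon:client rule
        # A rule in hosts.allow grants access unless it carries a DENY option.
        verdict = "deny" if "deny" in (f.lower() for f in fields[2:]) else "allow"
        rules.append((lineno, fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), verdict))
    return rules

def _match(pattern, value):
    return pattern.upper() == "ALL" or pattern.lower() == value.lower()

def _client_match(pattern, host):
    user, _, hostpat = pattern.rpartition("@")
    # Only ALL is modelled for the user part; anything else counts as no match.
    return user.upper() in ("", "ALL") and _match(hostpat, host)

def decide(rules, daemon, host):
    """Return (verdict, deciding line); line 0 means no rule matched."""
    for lineno, daemons, clients, verdict in rules:
        if any(_match(d, daemon) for d in daemons) and \
           any(_client_match(c, host) for c in clients):
            return verdict, lineno
    return "allow", 0  # assumption: empty hosts.deny, so unmatched is granted

def unreachable(rules):
    """Line numbers of rules that sit after an ALL:ALL catch-all."""
    for i, (_, daemons, clients, _) in enumerate(rules):
        if any(d.upper() == "ALL" for d in daemons) and \
           any(c.upper() in ("ALL", "ALL@ALL") for c in clients):
            return [r[0] for r in rules[i + 1:]]
    return []

if __name__ == "__main__":
    host = "ns.wasantara.net.id"  # client name taken from the quoted log
    for name, text in (("posted", POSTED), ("recommended", RECOMMENDED)):
        rules = parse(text)
        for daemon in ("telnetd", "fingerd", "ftpd"):
            print(name, daemon, decide(rules, daemon, host))
        print(name, "unreachable rule lines:", unreachable(rules))
```

With the posted file every probe is decided by line 1 and the telnetd and fingerd rules are never consulted; with the recommended layout only those two daemons are admitted and the final rule refuses the rest.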