On Sat, 5 Jul 2003, Vincent Poy wrote:

> On Sat, 5 Jul 2003, Scot W. Hetzel wrote:
>
> > From: "Vincent Poy" <vince_at_oahu.WURLDLINK.NET>
> > > Any ideas?
> > >
> >
> > According to the inetd man page:
> >
> >   TCP Wrappers
> >     When given the -w option, inetd will wrap all services specified as
> >     ``stream nowait'' or ``dgram'' except for ``internal'' services.  If the
> >     -W option is given, such ``internal'' services will be wrapped.  If both
> >     options are given, wrapping for both internal and external services will
> >     be enabled.  Either wrapping option will cause failed connections to be
> >     logged to the ``auth'' syslog facility.  Adding the -l flag to the
> >     wrapping options will include successful connections in the logging to
> >     the ``auth'' facility.
> >         :
> >     When wrapping is enabled, the tcpd daemon is not required, as that
> >     functionality is builtin. .....
> >
> > Also, /etc/defaults/rc.conf shows that inetd_flags has both '-w' and '-W'
> > flags set.  If you are using the default flags to inetd, then you don't need
> > to use tcpd to wrap your telnetd session.
> >
> > Did you change your inetd_flags?
>
> 	Nope, I have the -wW by default.  I never knew inetd had builtin
> wrappers but in that case, then it might be better but I remembered
> tcp_wrappers was implemented into the base system and I thought it was in
> tcpd since that binary is part of the world build process installation.
>
> > I just tested the builtin tcp_wrappers in inetd, and had no problem with
> > adding a banner to my ftpd and telnetd daemons without using the tcpd
> > daemon.  But, when I changed the service to:
> >
> > ftp stream tcp nowait root /usr/libexec/tcpd ftpd -l
> >
> > and then killed -HUP the inetd process, the inetd process wanted the banner
> > file to be called 'tcpd' instead of 'ftpd'.
>
> 	Actually, it's working correctly for me with the ftpd name.  This
> is my /etc/inetd.conf for the ftpd line:
>
> ftp stream tcp nowait root /usr/libexec/ftpd /usr/libexec/ftpd -l
>
> 	This is what the hosts.allow line looks like:
>
> telnetd,ftpd,rshd,rlogind : 208.201.244. : rfc931 : banners /etc/banners
>
> 	This is my /etc/banners listing:
>
> root_at_bigbang [1:33pm][/usr/local/sbin] >> dir /etc/banners
> total 38
> drwxr-xr-x   3 root  wheel  -  512 Sep  7  2002 .
> drwxr-xr-x  18 root  wheel  - 3072 Jul  5 11:59 ..
> -rw-r--r--   1 root  wheel  - 2026 Dec 12  1996 Makefile
> drwxr-xr-x   2 root  wheel  -  512 Sep  6  2002 deny
> -rw-r--r--   1 root  wheel  -  712 Sep  6  2002 deny.telnetd
> -rw-r--r--   1 root  wheel  -  219 Sep  6  2002 fingerd
> -rw-r--r--   1 root  wheel  -  215 Dec 15  1996 fingerd.bak
> -rw-r--r--   1 root  wheel  - 1289 Dec 13  1996 fingerd.old
> -rw-r--r--   1 root  wheel  -  634 Sep  6  2002 ftpd
> -rwxr-xr-x   1 root  wheel  - 8192 Dec 12  1996 nul
> -rw-r--r--   1 root  wheel  -  582 Sep  6  2002 prototype
> -rw-r--r--   1 root  wheel  - 1289 Dec 16  1996 prototype.old
> -rw-r--r--   1 root  wheel  -    0 Sep  6  2002 rlogind
> -rw-r--r--   1 root  wheel  -  582 Sep  6  2002 rshd
> -rw-r--r--   1 root  wheel  -  557 Sep  7  2002 sshd
> -rw-r--r--   1 root  wheel  -  582 Sep  6  2002 telnetd
>
> 	The only thing is that for IPs not defined, it would go straight
> to the ftp login prompt and not deny access, I thought deny was default
> for anything not defined?
>
> > I also killed inetd, and started it with no flags.  But when I connected to
> > the ftpd process, tcpd didn't display the banner (both tcpd and ftpd banner
> > files were installed into the banner directory).
>
> 	Yep, same here.
>
> > So it looks like tcpd is broken when it comes to displaying banners.
>
> 	So it wasn't my imagination. :-)  I wonder if there is actually
> any differences between the tcp_wrappers in inetd and the one in tcpd or
> is the inetd just the tcpd stuff all integrated and improved.
>
> > I suggest you use inetd's builtin TCP Wrappers support, and forget using
> > tcpd.
>
> 	That's a good idea since I probably won't remember to fix tcpd if
> there is a fix on each cvsup and then buildworld.
>
> > Scot

	Here is something weird... In /etc/hosts.allow, I added the
following line:

ALL : ALL : rfc931: banners /etc/banners/deny : deny

	So I attempted to ftp and this is what happens.

Connected to bigbang.DNALOGIC.NET.
[unknown_at_adsl-208-201-244-226.sonic.net] Sorry but you currently do not have permission to connect here!
User (bigbang.DNALOGIC.NET:(none)): ^C
C:\Documents and Settings\vince>ftp bigbang
Connected to bigbang.DNALOGIC.NET.
[unknown_at_adsl-208-201-244-226.sonic.net] Sorry but you currently do not have permission to connect here!
User (bigbang.DNALOGIC.NET:(none)): vince
________ _____ _________ ______ _______ __________________________
___ __ \___ | / /___ |___ / __ __ \__ ____/____ _/__ ____/
__ / / /__ |/ / __ /| |__ / _ / / /_ / __ __ / _ /
_ /_/ / _ /| / _ ___ |_ /___/ /_/ / / /_/ / __/ / / /___
/_____/ /_/ |_/ /_/ |_|/_____/\____/ \____/ /___/ \____/ .NET
[ bigbang.DNALOGIC.NET ]
DNA Logic Corporation - http://www.DNALOGIC.NET
San Francisco, California USA
For assistance or information please e-mail root_at_bigbang.DNALOGIC.NET
Connection closed by remote host.

	The telnet one works correct but the ftpd one seems to display the
first line of the /etc/banners/deny/ftpd and then prompt for the login
which it will deny before displaying the rest of the banner.

Cheers,
Vince - vince_at_WURLDLINK.NET - Vice President ________ __ ____
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ]
WurldLink Corporation / / / / | / | __] ]
San Francisco - Honolulu - Hong Kong / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Almighty1_at_IRC - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin

Received on Sat Jul 05 2003 - 11:47:38 UTC
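
An added example, not part of the original message or of libwrap: a simplified Python model of the first-match evaluation described in hosts_access(5), run over the two hosts.allow lines quoted in the thread. It shows that a client matching no rule is granted access, and that the position of the catch-all deny line decides who is refused. The client addresses and the reduced pattern matching (only ALL and dotted prefixes) are assumptions.

```python
# Simplified model of hosts_access(5) first-match evaluation (not libwrap itself).
# Supports only the pattern forms used in the thread: ALL and a dotted prefix.

def parse_rule(line):
    """Split 'daemons : clients : option : ...' into its parts."""
    fields = [f.strip() for f in line.split(":")]
    daemons = [d.strip() for d in fields[0].split(",")]
    clients = fields[1].split()
    options = fields[2:]
    return daemons, clients, options

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "208.201.244." matches by prefix
        return addr.startswith(pattern)
    return pattern == addr

def check(rules, daemon, addr):
    """Return (verdict, matched rule or None). The first matching rule wins."""
    for line in rules:
        daemons, clients, options = parse_rule(line)
        if "ALL" not in daemons and daemon not in daemons:
            continue
        if not any(client_matches(p, addr) for p in clients):
            continue
        # A matched rule grants access unless it carries the 'deny' option.
        verdict = "deny" if "deny" in options else "allow"
        return verdict, line
    # No rule matched: hosts_access(5) grants access by default.
    return "allow", None

# The two hosts.allow lines quoted in the thread.
ALLOW_RULE = "telnetd,ftpd,rshd,rlogind : 208.201.244. : rfc931 : banners /etc/banners"
DENY_ALL = "ALL : ALL : rfc931: banners /etc/banners/deny : deny"

INSIDE = "208.201.244.226"   # assumed from the client hostname in the transcript
OUTSIDE = "192.0.2.10"       # constructed address outside the allowed prefix

if __name__ == "__main__":
    for name, rules in [("allow rule only", [ALLOW_RULE]),
                        ("allow, then deny-all", [ALLOW_RULE, DENY_ALL]),
                        ("deny-all first", [DENY_ALL, ALLOW_RULE])]:
        for addr in (INSIDE, OUTSIDE):
            verdict = check(rules, "ftpd", addr)[0]
            print(f"{name:22} ftpd {addr:16} -> {verdict}")
```
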