SUMMARY question w/ banners in tcp wrappers

From: Kristin Kris Larsen <klarsen_at_enterprise.afit.af.mil>
Date: Wed, 16 Sep 1998 11:17:59 -0400 (EDT)

Thank you for the quick replies from sean_at_stat.Duke.EDU,
mmokrejs_at_natur.cuni.cz, m.grau_at_kcc.state.ks.us and
arrigo_at_albourne.com. I had not had a chance to re-read
all the documentation from when I installed tcp wrappers
in 1996 and I just followed my notes from then. Every
one of these people has the spawn command in the banner
files and I will need to read about that, but Arrigo hit
the nail on the head. I had in.fingerd, in.rshd, etc
in the banners directory instead of fingerd, rshd, etc.
Once I renamed each file they worked fine in 3.2x or 4.0x.

I include all the answers following my signature block.

Thank you again to all of you.

Kris Larsen

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Kristin L. Larsen aka) "Hey you!"
System Administrator, AFIT/ENY
Wright-Patterson Air Force Base, Ohio
ICES contractor
klarsen_at_afit.af.mil AFIT e-mail

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


----- Begin Included Message -----

From: "Sean O'Connell" <sean_at_stat.Duke.EDU>

They "just worked" for me on both. Are you sure tcp wrappers are in
/etc/inetd.conf (silly q, but I have done worse)? Are they in
your hosts.allow?

ftpd: A_RULE : banners /etc/banners/a
telnetd: A_RULE : banners /etc/banners/a
rlogind: A_RULE : banners /etc/banners/a

I use /etc/banners/a directory for the allow banners and /etc/banners/d
for the deny banners. You did "make" the banners?

inetd.conf:
ftp stream tcp nowait root /usr/sbin/tcpd ftpd -l
telnet stream tcp nowait root /usr/sbin/tcpd telnetd
shell stream tcp nowait root /usr/sbin/tcpd rshd -l
login stream tcp nowait root /usr/sbin/tcpd rlogind -l
finger stream tcp nowait root /usr/sbin/tcpd fingerd

Did you really HUP inetd: kill -HUP `cat /var/run/inetd.pid`? I used
the option of changing inetd.conf (seemed more intuitive) than the
other build style.

Hope this helps.
S

-- 
-------------------------------------------------------------------------
Sean O'Connell                                  Email: sean_at_stat.Duke.EDU
Institute of Statistics and Decision Sciences   Phone: (919) 684-5419
Duke University                                 Fax:   (919) 684-8594
----- End Included Message -----
----- Begin Included Message -----
>From mmokrejs_at_natur.cuni.cz Wed Sep 16 09:31:23 1998
From: Martin Mokrejs <mmokrejs_at_natur.cuni.cz>
It works on my system, since 4.0 to 4.0D.
Let me know if you need some more info. ;-)
Martin
-------------------------------------------------------------------------
| Martin MOKREJS - Net&SysAdmin                                         |
| PGP 5.0i key at: finger://mail.natur.cuni.cz/mmokrejs                 |
| mmokrejs_at_natur.cuni.cz   Faculty of Science, The Charles University   |
| tel.: +420-2-2195 2315   Albertov 6, PRAGUE 2, 128 43, Czech Republic |
-------------------------------------------------------------------------
----- End Included Message -----
----- Begin Included Message -----
>From m.grau_at_kcc.state.ks.us Wed Sep 16 09:42:57 1998
Date: Wed, 16 Sep 1998 08:45:45 -0500
From: Mike Grau <m.grau_at_kcc.state.ks.us>
(DU 3.2C)
Use the language described in host_options rather than hosts_access. For
example, to both use banners and send an email use "spawn" to initiate
the email as in:
#
# hosts.deny file:
#
ALL: .foxlink.net: \
spawn (/usr/bin/safe_finger -l @%h | \
/usr/bin/mailx -s "Forbidden %d from %h" security) &
FTPD: host.some.domain: banners /etc/tcpd_banners/deny :\
spawn (/usr/bin/safe_finger -l @%h | \
/usr/bin/mailx -s "Forbidden %d from %h" security) &
TELNETD: host.some.domain: banners /etc/tcpd_banners/deny :\
spawn (/usr/bin/safe_finger -l @%h | \
/usr/bin/mailx -s "Forbidden %d from %h" security) &
----- End Included Message -----
----- Begin Included Message -----
>From arrigo_at_albourne.com Wed Sep 16 09:49:19 1998
I have TCP/wrappers with banners running with DU 4.0D since I
installed it on my machines.
The only thing I can imagine which might be wrong is the name of the
daemons (if you just copied the /etc/hosts.{allow,deny} files from
Suns you'd have in.rlogind instead of rlogind). I assume you have
enabled banners in the Makefile.
For example, my /etc/hosts.deny looks like this:
ALL EXCEPT fingerd: ALL EXCEPT localhost: severity auth.alert: banners /usr/local/etc/banners : spawn (/usr/local/sbin/safe_finger -l @%h | /usr/bin/Mail -s "SECURITY Connection attempt by %c [%a] on %H for %s" security) &: DENY
fingerd: ALL EXCEPT localhost: severity auth.alert: banners /usr/local/etc/banners : spawn (date | /usr/bin/Mail -s "SECURITY Finger attempt by %c [%a] on %H for %s" security) &: DENY
# Just In Case (tm)
ALL: ALL : severity auth.alert: DENY
And I have the following files in /usr/local/etc/banners:
-r--r--r--   1 root     system      2222 Jun 29 14:10 Makefile
-rw-r--r--   1 root     system       384 Jun 29 14:10 fingerd
-rw-r--r--   1 root     system       436 Jun 29 14:09 ftpd
-rwxr-xr-x   1 root     system     16384 Jun 29 14:09 nul
-rw-r--r--   1 root     system       384 Jun 29 14:09 prototype
-rw-r--r--   1 root     system       385 Jun 29 14:09 rlogind
-rw-r--r--   1 root     system       385 Jun 29 14:10 rshd
-rw-r--r--   1 root     system       384 Jun 29 14:09 telnetd
which does the trick.
Hope this helps,
Ciao,
Arrigo
-- 
Arrigo Triulzi <arrigo_at_albourne.com> - Systems Director
Albourne Partners Ltd. - London, UK
----- End Included Message -----
Received on Wed Sep 16 1998 - 15:22:05 NZST
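
The fix in this thread was a naming mismatch: tcpd looks in the banners directory for a file named after the daemon process name (argv[0] from inetd.conf), so a file called in.fingerd is never used when the daemon runs as fingerd. The script below is an added example, not part of the original messages; it checks each tcpd-wrapped daemon in an inetd.conf against a banners directory. The function names check_banners and demo and the sample files are constructed for illustration, and it assumes the inetd.conf layout shown in Sean's message (server program in field 6, argv[0] in field 7).

```shell
#!/bin/sh
# Added example: report tcpd-wrapped daemons whose banner file is missing
# or misnamed. usage: check_banners INETD_CONF BANNER_DIR
check_banners() {
    conf=$1 dir=$2
    # Skip comments; keep lines whose server program is tcpd and print the
    # basename of argv[0], which is the name tcpd uses for the banner file.
    awk '$1 !~ /^#/ && $6 ~ /\/tcpd$/ { n = split($7, p, "/"); print p[n] }' "$conf" |
    sort -u |
    while read -r daemon; do
        alt=${daemon#in.}                 # daemon name without a Sun-style in. prefix
        if [ -f "$dir/$daemon" ]; then
            echo "ok $daemon"
        elif [ -f "$dir/in.$daemon" ]; then
            echo "misnamed $daemon (found in.$daemon)"
        elif [ "$alt" != "$daemon" ] && [ -f "$dir/$alt" ]; then
            echo "misnamed $daemon (found $alt)"
        else
            echo "missing $daemon"
        fi
    done
}

# Constructed sample: one correct banner, one carrying the in. prefix,
# one absent, and one commented-out service that must be ignored.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/banners"
    cat > "$tmp/inetd.conf" <<'EOF'
ftp stream tcp nowait root /usr/sbin/tcpd ftpd -l
shell stream tcp nowait root /usr/sbin/tcpd rshd -l
finger stream tcp nowait root /usr/sbin/tcpd fingerd
#telnet stream tcp nowait root /usr/sbin/tcpd telnetd
EOF
    touch "$tmp/banners/ftpd" "$tmp/banners/in.fingerd"
    check_banners "$tmp/inetd.conf" "$tmp/banners"
    rm -rf "$tmp"
}

demo
```

Run check_banners against the real /etc/inetd.conf and the directory named in the banners option of hosts.allow or hosts.deny; any line not starting with "ok" is a banner that tcpd will not send.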
