Re: Xinetd.conf and TCP Wrappers

[M Chandrasekhar <chand6ce ccs iitb ernet in>]

On Mon, 25 Jun 2001, Mohammedly Babuka wrote:
> I have recently upgraded from RH6.2 to RH7.1.  In RH6.2, I used TCP
> Wrappers, specifically by only allowing certain up addresses to access using 
> telnet and ftp.
> For example, in my /etc/hosts.allow file, the following type of entries were 
> used:
> in.telnetd: 135.20.6.112
> in.telnetd: 135.20.8.186
> in.ftpd: 135.20.6.153
> in.ftpd: 138.20.8.186

Hi

	You can set xinetd.conf like this, there will be already some
lines in defaults so keep them like that only or change, its upto you..

defaults
{
  instance		= 15
  log_type		= FILE /var/log/servicelog
  log_on_success	= HOST PID USERID DURATION EXIT
  log_on_failure	= HOST USERID RECORD

# only_from 		= 135.20.6.112 135.20.8.186
# u can specify only_from in defaults or for a particular service also
# 'lly you have no_access

  no_access = 0.0.0.0/0 

# put no_access (acts like /etc/hosts.deny) in defaults and you can write
# only_from (acts like /etc/hosts.allow) for each service...

# you can block unused services like hashing in inetd.conf..below eg.
  disabled	= shell login
  disabled	= name uucp tftp exec cosmat
}


service ftp
{
	socket_type	= stream
	wait		= no
	user		= root
	server		= /usr/sbin/in.ftpd
	server_args	= -l #(its small L)
	instances	= 4
	only_from	= 135.20.6.153 138.20.8.186
	
# so specify no_access as 0.0.0.0/0 and u can write only_from for each
#service

#also u can specify access times to allow access in between those timings
# access_time	= 8:30-12:00 16:00-19:00

}	


service telnet
{
	flags		= REUSE
	socket_type	= stream
	wait		= no
	user		= root
	server		= /usr/sbin/in.telnetd
	only_from	= 135.20.6.112 135.20.8.186
}


But you should be running telnet ftp server...i have redhat 6.2 so i got
to download telnet ftp server rpms,


Here was the simple but you can add many restrictions (like xadmin servers
services)


Enjoyyyyyyyy:))

regards
chandra

*****************************************************************************
M. Chandrasekhar,
Senior Undergraduate,
Hostel-2,Room-260,
Dept. of Electrical Engineering,
Indian Institute of Technology Bombay, 
Mumbai-400076,
INDIA.

alternate E-mail: chand ee iitb ac in
*****************************************************************************

> 
> The following entries were used in /etc/hosts.deny
> ALL: ALL
> 
> This worked perfectly for what I needed.
> 
> Now, after upgrading to RH7.1, this no longer works.  I have read the paper 
> by ?Frederic Raynal? on ?xinetd?, and read the ?man xinetd.conf? pages, but 
> still feel unsure of the correct method to use.  Can anyone help me with an 
> example of ?xinetd.conf? that performs the same granularity of security?
> 
> Currently, my xinetd.conf is the default provided with the RH7.1 install.
> 
> Thank You
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
> 
> 
> 
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-install-list
>