[ First - *please* don't mail me privately, without copying
any responses to the mailing list. I don't have the time
or inclination to offer private, unpaid, SNMP consultancy.
Keep discussions to the list, where others can both learn
and offer advice. Thanks. ]
> > It depends on how your 5.0.8 installation was configured.
> > The fact that the library is looking for this call implies that
> > this suite *was* configured to include librwap support.
>
> Actually it was configured --with-libwrap. Do you know what you
> lose (or gain) by configuring --with-libwrap.
It enables checks within the agent to consult the /etc/hosts.{allow,deny}
files before processing an SNMP request. This is typically one element
of a multi-level series of security checks:
external firewall
kernel-level packet filtering
/etc/hosts.{allow,deny}
snmpd.conf access control
The idea is that a Black Hat would need to compromise *all* of these
levels of protection in order to gain access. But of course, it also
means that you have to configure each of these properly in order to
enable authorised traffic.
If you're happy to drop this particular check, and rely on the others,
then it's OK to re-configure without --with-libwrap.
Otherwise you'll need to ensure that all applications which link with
the agent libraries (which is the only place this is used), also
link with -lwrap
Dave
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
