Re: Security with TCP Wrappers
On Mon, Oct 28, 2002 at 11:26:53AM -, David Davenport wrote: Am I missing something? I think you need to restart xinetd for it to read the /etc/host.* files. Emmanuel -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Security with TCP Wrappers
Hi Emmanuel I tried that - still no luck.. -Original Message- From: [EMAIL PROTECTED] [mailto:redhat-list-admin;redhat.com]On Behalf Of Emmanuel Seyman Sent: 28 October 2002 11:52 To: [EMAIL PROTECTED] Subject: Re: Security with TCP Wrappers On Mon, Oct 28, 2002 at 11:26:53AM -, David Davenport wrote: Am I missing something? I think you need to restart xinetd for it to read the /etc/host.* files. Emmanuel -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Security with TCP Wrappers
in the hosts.allow enter: in.telnetd: x.x.x. where x.x.x. is the IP address of your address also you need to add localhost as below: in.telnetd: localhost IP_Address1 IP_Address2 IP_Address3 in the hosts.deny add the following: ALL: ALL to block all and only allow any hosts under hosts.allow. Now any one wants access you can add thier IPs to the hosts.allow as ALL: to cover all service or as: in.telnetd: in.ftpd: ipop3d: imap: Al-Juhani [EMAIL PROTECTED] = Original Message From [EMAIL PROTECTED] = Dear All I'm new to Linux so please forgive me if this is a dumb question. I am trying to disable telnet access from certain systems/subnets to a Linux Server. I understand this can be acheievd by adding entries to the hosts.allow and hosts.deny files. I have added in.telnetd: x.x.x. to the allow file (where x.x.x is the subnet that I want to allow telnet access) and I have added in.telnetd: ALL to the deny file So in theory this should allow access to x.x.x subnet and deny everything else? Problem is I can still telnet from anywhere Am I missing something? Thanks -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Security with TCP Wrappers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 28 Oct 2002 11:26:53 -, David Davenport wrote: I am trying to disable telnet access from certain systems/subnets to a Linux Server. I understand this can be acheievd by adding entries to the hosts.allow and hosts.deny files. I have added in.telnetd: x.x.x. to the allow file (where x.x.x is the subnet that I want to allow telnet access) and I have added in.telnetd: ALL to the deny file So in theory this should allow access to x.x.x subnet and deny everything else? Problem is I can still telnet from anywhere What happens if you take out the entry from /etc/hosts.allow? Does the hosts.deny entry work for you then? - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE9vSgM0iMVcrivHFQRAok5AJ4j8Tps44vMpVewVAZJDdH63R3mWQCeL0Wv lKnx4KHomzPF+BIKXzQwUfU= =J9av -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Security with TCP Wrappers
Title: RE: Security with TCP Wrappers Hi, For an Subnet, your entry in the hosts.allow should be in.telnetd : 192.168.1.0/255.255.255.0 Change the Ip Adress and Subnetmask to your, that should be all Alex -Original Message- From: David Davenport [mailto:[EMAIL PROTECTED]] Sent: Monday, October 28, 2002 12:27 PM To: [EMAIL PROTECTED] Subject: Security with TCP Wrappers Dear All I'm new to Linux so please forgive me if this is a dumb question. I am trying to disable telnet access from certain systems/subnets to a Linux Server. I understand this can be acheievd by adding entries to the hosts.allow and hosts.deny files. I have added in.telnetd: x.x.x. to the allow file (where x.x.x is the subnet that I want to allow telnet access) and I have added in.telnetd: ALL to the deny file So in theory this should allow access to x.x.x subnet and deny everything else? Problem is I can still telnet from anywhere Am I missing something? Thanks
RE: Security with TCP Wrappers
Hi. No there is not need to start xinetd or any other service. Saving any changes to hosts.allow or .deny will make whatever in there applied. Al-Juhani [EMAIL PROTECTED] = Original Message From [EMAIL PROTECTED] = On Mon, Oct 28, 2002 at 11:26:53AM -, David Davenport wrote: Am I missing something? I think you need to restart xinetd for it to read the /etc/host.* files. Emmanuel -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Security with TCP Wrappers
Title: RE: Security with TCP Wrappers It appears that whatever I enter in these files I can still get access via telnet form any maching (even if I add single ip exclusions). Is there any way that something is set elsewhere so that these files are being ignored? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Spanke, AlexanderSent: 28 October 2002 12:16To: '[EMAIL PROTECTED]'Subject: RE: Security with TCP Wrappers Hi, For an Subnet, your entry in the hosts.allow should be in.telnetd : 192.168.1.0/255.255.255.0 Change the Ip Adress and Subnetmask to your, that should be all Alex -Original Message- From: David Davenport [mailto:[EMAIL PROTECTED]] Sent: Monday, October 28, 2002 12:27 PM To: [EMAIL PROTECTED] Subject: Security with TCP Wrappers Dear All I'm new to Linux so please forgive me if this is a dumb question. I am trying to disable telnet access from certain systems/subnets to a Linux Server. I understand this can be acheievd by adding entries to the hosts.allow and hosts.deny files. I have added in.telnetd: x.x.x. to the allow file (where x.x.x is the subnet that I want to allow telnet access) and I have added in.telnetd: ALL to the deny file So in theory this should allow access to x.x.x subnet and deny everything else? Problem is I can still telnet from anywhere Am I missing something? Thanks
Re: Security with TCP Wrappers
On Mon, Oct 28, 2002 at 03:10:52PM -, David Davenport wrote: RE: Security with TCP WrappersIt appears that whatever I enter in these files I can still get access via telnet form any maching (even if I add single ip exclusions). Is there any way that something is set elsewhere so that these files are being ignored? Short of re-compiling, I don't think it's possible to set xinetd-related services without tcp wrappers support. Do you have any weird error messages in /var/log/messages when you restart xinetd? Also, please check your /etc/hosts.deny to check that in.telnetd is correctly spelled. If it is, I'm afraid I'm out of ideas. Emmanuel -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Security with TCP Wrappers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 28 Oct 2002 17:14:00 +0100, Emmanuel Seyman wrote: RE: Security with TCP WrappersIt appears that whatever I enter in these files I can still get access via telnet form any maching (even if I add single ip exclusions). Is there any way that something is set elsewhere so that these files are being ignored? Short of re-compiling, I don't think it's possible to set xinetd-related services without tcp wrappers support. Do you have any weird error messages in /var/log/messages when you restart xinetd? Also, please check your /etc/hosts.deny to check that in.telnetd is correctly spelled. If it is, I'm afraid I'm out of ideas. What version of Red Hat Linux is this thread about? As a last resort, you could use xinetd's only_from and no_access parameters, see man xinetd.conf. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE9vWeu0iMVcrivHFQRAkgoAKCC1TBTzu6+Y3dTTjCd6GLsJpeIyQCfZQyc BHC/AgwEBZgkje/CnDfSrfg= =NG2o -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Security with TCP Wrappers
Hi Emmanual Thanks for your help. No strange messages. I'm lost too but remember I'm a newbie so I guess the only way to learn is to dive in. I'll let you know if I solve it. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:redhat-list-admin;redhat.com]On Behalf Of Emmanuel Seyman Sent: 28 October 2002 16:14 To: [EMAIL PROTECTED] Subject: Re: Security with TCP Wrappers On Mon, Oct 28, 2002 at 03:10:52PM -, David Davenport wrote: RE: Security with TCP WrappersIt appears that whatever I enter in these files I can still get access via telnet form any maching (even if I add single ip exclusions). Is there any way that something is set elsewhere so that these files are being ignored? Short of re-compiling, I don't think it's possible to set xinetd-related services without tcp wrappers support. Do you have any weird error messages in /var/log/messages when you restart xinetd? Also, please check your /etc/hosts.deny to check that in.telnetd is correctly spelled. If it is, I'm afraid I'm out of ideas. Emmanuel -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Security with TCP Wrappers
Dave, You are going to need to restart your network services for TCP Wrappers to take effect: ex., /etc/init.d/network restart Your hosts.deny file should have in it ALL:ALL to deny access via any service from any IP address. If you want to allow access from one specific IP address: ALL:xxx.xxx.xxx.xxx or to allow access from any address on a specific subnet: ALL:xxx.xxx.xxx. I'm a newbie, too, but I'm learning... Good luck to you! Jay Scrivner -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list