Where is tcpd?
Michael K. Smith
mksmith at noanet.net
Wed May 7 08:42:32 PDT 2003
On 5/7/03 8:36 AM, "Dan Nelson" <dnelson at allantgroup.com> wrote:
> In the last episode (May 07), Michael K. Smith said:
>> I would like to use TCP Wrappers for ssh connections to a box, and
>> all of the literature regarding the inetd.conf configuration
>> references /usr/sbin/tcpd. I have been unable to find tcpd anywhere
>> on the system. Is there another way to reference the required files
>> in inetd.conf?
>
> Hm? This is the only place tcpd is mentioned in the inetd.conf
> manpage, and I think it answers your question pretty well.
>
> IMPLEMENTATION NOTES
>
> TCP Wrappers
> When given the -w option, inetd will wrap all services specified
> as ``stream nowait'' or ``dgram'' except for ``internal''
> services. If the -W option is given, such ``internal'' services
> will be wrapped. If both options are given, wrapping for both
> internal and external services will be enabled. Either wrapping
> option will cause failed connections to be logged to the ``auth''
> syslog facility. Adding the -l flag to the wrapping options will
> include successful connections in the logging to the ``auth''
> facility.
>
> Note that inetd only wraps requests for a ``wait'' service while
> no servers are available to service requests. Once a connection
> to such a service has been allowed, inetd has no control over
> subsequent connections to the service until no more servers are
> left listening for connection requests.
>
> When wrapping is enabled, the tcpd daemon is not required, as that
> functionality is builtin. For more information on TCP Wrappers,
> see the relevant documentation (hosts_access(5)). When reading
> that document, keep in mind that ``internal'' services have no
> associated daemon name. Therefore, the service name as specified
> in inetd.conf should be used as the daemon name for ``internal''
> services.
>
Then I must have a misconfiguration somewhere. Here's what my inetd.conf
entry looks like:
ssh stream tcp nowait root /usr/sbin/sshd sshd -I
And here is my inetd process:
root 16368 0.0 0.3 1076 812 ?? Is 7:50AM 0:00.01 /usr/sbin/inetd -wW
And my /etc/hosts.allow entry:
sshd : .noanet.net
But, when I run tcpdchk, I get:
warning: /etc/hosts.allow, line 23: sshd: service possibly not wrapped
Any ideas?
Mike
--
Michael K. Smith NoaNet
206.219.7116 (work) 206.579.8360 (cell)
mksmith at noanet.net http://www.noanet.net
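
An added example, not part of the thread or of FreeBSD's code: the wrapping rule from the first paragraph of the quoted man page excerpt, applied to the inetd.conf line from the post plus two constructed entries. The function names are hypothetical, and the hosts.allow daemon name for an external service is assumed to be the basename of the server program path.

```python
import os

def parse_entry(line):
    """Return the fields of one inetd.conf line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    f = line.split()
    if len(f) < 6:
        raise ValueError("short inetd.conf entry: " + line)
    return {"service": f[0], "socktype": f[1],
            "wait": f[3].split("/")[0],   # drop any /max-child suffix
            "server": f[5]}               # "internal" for built-in services

def wrapper_flags(inetd_args):
    """Collect single-letter options from an argument string such as '-wW'."""
    return set("".join(a[1:] for a in inetd_args.split() if a.startswith("-")))

def is_wrapped(entry, flags):
    """-w covers external ``stream nowait''/``dgram'' services, -W the internal ones."""
    eligible = (entry["socktype"] == "dgram" or
                (entry["socktype"] == "stream" and entry["wait"] == "nowait"))
    if not eligible:
        return False
    needed = "W" if entry["server"] == "internal" else "w"
    return needed in flags

def daemon_name(entry):
    """Name to use in hosts.allow: the service name for internal services
    (per the man page), otherwise the server basename (assumption)."""
    if entry["server"] == "internal":
        return entry["service"]
    return os.path.basename(entry["server"])

def report(conf_text, inetd_args):
    flags = wrapper_flags(inetd_args)
    entries = filter(None, (parse_entry(l) for l in conf_text.splitlines()))
    return [(e["service"], is_wrapped(e, flags), daemon_name(e)) for e in entries]

SAMPLE = """\
# first entry is from the post; the other two are constructed
ssh     stream tcp nowait root /usr/sbin/sshd sshd -I
daytime stream tcp nowait root internal
tftp    dgram  udp wait   root /usr/libexec/tftpd tftpd -s /tftpboot
"""

if __name__ == "__main__":
    for args in ("-wW", "-w", "-W"):
        print(args, report(SAMPLE, args))
```

The sketch does not model the ``wait'' caveat in the second paragraph of the excerpt, where inetd only sees requests while no server is listening.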