tcp wrappers and rpc.statd
klussier at comcast.net
Wed Aug 2 07:46:01 EDT 2006
-------------- Original message ----------------------
From: Paul Lussier <p.lussier at comcast.net>
>
> So, theoretically, it appears that just placing a line like this in
> /etc/hosts.allow should do what I want:
>
> statd: 10.0.123.0/255.255.255.0, 10.0.124.0/255.255.255.0
>
> Yet, there's nothing anywhere that I can see that ever invokes tcpd to
> wrap around the execution of statd. I'm quite familiar with wrapping
> a daemon exec'ed from within inetd where you write something like:

You wouldn't see anything. statd uses the tcp wrapper library, so it is in the code. This is the difference between a daemon that is "tcp wrappers enabled", meaning it can make use of tcp wrappers if you tell it to, and a daemon that "uses tcp wrappers", meaning that it uses tcp wrappers whether you like it or not :-)

> finger stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd
>
> Doing an nmap of the system in question shows statd running when
> probing the 10.0.20.31 interface.

Define "doing an nmap". Are you using nmap to do a tcp connect scan, or just to look for sockets? TCP wrappers only works for connection attempts.

> Adding the line to /etc/hosts.allow
> does nothing.

Try adding to /etc/hosts.deny "statd: ALL" in addition to the hosts.allow entry. If you just add an entry in hosts.allow, you are explicitly allowing something, but you aren't denying anything.

C-Ya,
Kenny
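
The allow/deny point in the reply above, as an added example that is not part of the original thread: a simplified Python model of the documented hosts_access(5) lookup order (a match in hosts.allow grants, otherwise a match in hosts.deny denies, otherwise access is granted). The function names and the client addresses 10.0.20.5 and 10.0.123.7 are constructed for illustration, and only `ALL`, net/mask and literal IPv4 client patterns are handled.

```python
import ipaddress

# The hosts.allow line is the one quoted in the thread; hosts.deny is the suggested fix.
HOSTS_ALLOW = "statd: 10.0.123.0/255.255.255.0, 10.0.124.0/255.255.255.0\n"
HOSTS_DENY = "statd: ALL\n"

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a rule line
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Simplified client patterns: ALL, net/mask, or one literal IPv4 address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return addr in ipaddress.ip_network(pattern, strict=False)
    return pattern == str(addr)

def any_rule_matches(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in rules)

def access(daemon, client_ip, allow_text, deny_text):
    """hosts.allow match grants; else hosts.deny match denies; else grant."""
    addr = ipaddress.ip_address(client_ip)
    if any_rule_matches(parse_rules(allow_text), daemon, addr):
        return "granted by hosts.allow"
    if any_rule_matches(parse_rules(deny_text), daemon, addr):
        return "denied by hosts.deny"
    return "granted, no rule matched"

if __name__ == "__main__":
    # 10.0.20.5 and 10.0.123.7 are constructed client addresses.
    for ip in ("10.0.123.7", "10.0.20.5"):
        print(ip, "allow only:", access("statd", ip, HOSTS_ALLOW, ""))
        print(ip, "allow+deny:", access("statd", ip, HOSTS_ALLOW, HOSTS_DENY))
```

With only the hosts.allow entry, the client outside both listed networks falls through to the default grant; the hosts.deny entry is what closes that path.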