01-22-2010
I'm not too clear on how tcpd would tell the difference between users either, since it would seem to happen before it hands over the connection! Some of its
documentation hints about IDENT protocol or RFC931, which could mean having to do custom configuration on the client not just the server. And that probably assumes the username on the client machine matches what they want to login as in the first place.
All in all it would be much better to do it cleanly inside vsftp, but that doesn't look possible either! It
does have per-client configuration settings, cheerfully ignored whenever they specify limits on things already happened -- like specifying an IP to connect from. Its user allow/deny list cannot specify IP addresses either, it's just a dumb text file of one user per line.
If you absolutely have to use vsftpd, you might need to set up a separate daemon for that one user, restricted to some internal subnet. Or, if the user's not internal, over some VPN.
10 More Discussions You Might Find Interesting
1. Cybersecurity
I have installed TCP wrappers , Good package ...
I have a problem with the hosts_options part ...
I am not able to use the twist command .. It just dosent respond
I have compiled wrappers 7.6 for Solaris 8 with ipv6 support ...
Everything works fine except the twist doesnt work
I have... (1 Reply)
Discussion started by: DPAI
1 Replies
2. IP Networking
I have an RS6000 server running AIX and on occasion all users are logged out of the server "connection closed by foreign host" is the error message. Normally a user can press enter and get a Login prompt, but they get the message "connection refused" and then the users can wait a minute or so and... (2 Replies)
Discussion started by: Docboyeee
2 Replies
3. Solaris
Hello,
I'm administrating new installed cluster that runs Legato Networker and Oracle 9. And I want to restrict the use of root to my self and givr the application and DBA the proper and needed privileges to do their duties without hassle in addition I would like to log users activities.
my... (0 Replies)
Discussion started by: sh_ksa
0 Replies
4. Solaris
I want to log tcp-wrapper events Solaris 10. I researched and saw that I could make a syslog entry in the hosts.deny, which I did below. After restarting syslog and having ssh blocking, I see nothing logging. I also do not get the email that should be generated. The file was taken from a... (2 Replies)
Discussion started by: csgonan
2 Replies
5. Solaris
has anyone ever tried using a client list in thier hosts.allow file
Example of hosts.allow) in.ftpd: /etc/ftp.hosts
"ftp.hosts" has my list of IP address that are allow access....
However I cant get this work...Any Comments or Help? (0 Replies)
Discussion started by: dodge_man
0 Replies
6. AIX
With things installed and wrapping ftpd on AIX 5.1 in hosts.deny I have;
ALL: ALL
in hosts.allow;
ftpd: x.x.x.x
ALL: x.x.x.x
I get this on connect via ftp;
421 Service not available, remote server has closed connection
So its working as far as blocking but the hosts.allow seems to be... (1 Reply)
Discussion started by: traken
1 Replies
7. Shell Programming and Scripting
how can i make my users to not use particular commands in the network
like:wall.......
pl z help me regarding this (1 Reply)
Discussion started by: yashwanthguru
1 Replies
8. Red Hat
Hello,
can someone please provide steps, can I restrict a multiple users to only access only sftp on a server, to perform upload and download of files on their home directories.
1. I have updated their login shell as /sbin/nologin.
anything else do I need to update.
Thanks, (3 Replies)
Discussion started by: bobby320
3 Replies
9. AIX
hi all
just installed the netsec.options.tcpwrapper from expansion pack, which used to be a rpm, for my aix 6.1 test box.
it is so unpredictable. i set up the hosts.deny as suggested for all and allow the sshd for specific ip addresses/hostnames.
the tcpdchk says the hosts allowed and... (0 Replies)
Discussion started by: wf201626
0 Replies
10. AIX
Hi,
I have in my organization varied OS types (AIX,RHEL,Solaris)
My need was to block ftp connections from some addresses on my organization,
but to not disable the protocol.
In the linux servers i did that with the hosts.deny file that used by the vsftpd deamon.
In my AIX servers, i have... (6 Replies)
Discussion started by: moshesa
6 Replies
LEARN ABOUT FREEBSD
tcpdmatch
TCPDMATCH(8) System Manager's Manual TCPDMATCH(8)
NAME
tcpdmatch - tcp wrapper oracle
SYNOPSYS
tcpdmatch [-d] [-i inet_conf] daemon client
tcpdmatch [-d] [-i inet_conf] daemon[@server] [user@]client
DESCRIPTION
tcpdmatch predicts how the tcp wrapper would handle a specific request for service. Examples are given below.
The program examines the tcpd access control tables (default /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For maximal
accuracy, it extracts additional information from your inetd or tlid network configuration file.
When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell com-
mands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the pro-
gram understands.
ARGUMENTS
The following two arguments are always required:
daemon A daemon process name. Typically, the last component of a daemon executable pathname.
client A host name or network address, or one of the `unknown' or `paranoid' wildcard patterns.
When a client host name is specified, tcpdmatch gives a prediction for each address listed for that client.
When a client address is specified, tcpdmatch predicts what tcpd would do when client name lookup fails.
Optional information specified with the daemon@server form:
server A host name or network address, or one of the `unknown' or `paranoid' wildcard patterns. The default server name is `unknown'.
Optional information specified with the user@client form:
user A client user identifier. Typically, a login name or a numeric userid. The default user name is `unknown'.
OPTIONS
-d Examine hosts.allow and hosts.deny files in the current directory instead of the default ones.
-i inet_conf
Specify this option when tcpdmatch is unable to find your inetd.conf or tlid.conf network configuration file, or when you suspect
that the program uses the wrong one.
EXAMPLES
To predict how tcpd would handle a telnet request from the local system:
tcpdmatch in.telnetd localhost
The same request, pretending that hostname lookup failed:
tcpdmatch in.telnetd 127.0.0.1
To predict what tcpd would do when the client name does not match the client address:
tcpdmatch in.telnetd paranoid
On some systems, daemon names have no `in.' prefix, or tcpdmatch may need some help to locate the inetd configuration file.
FILES
The default locations of the tcpd access control tables are:
/etc/hosts.allow
/etc/hosts.deny
SEE ALSO
tcpdchk(8), tcpd configuration checker
hosts_access(5), format of the tcpd access control tables.
hosts_options(5), format of the language extensions.
inetd.conf(5), format of the inetd control file.
tlid.conf(5), format of the tlid control file.
AUTHORS
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
TCPDMATCH(8)