Do you trust your users to follow your instructions? Post: 302950146

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

ssh2-keygen trust issue

I have two systems SysA & SysB having the same userid sharing the home directory via NFS mount. I need to know the steps to setup ssh trust between these two systems given that both share the home dir. I have tried all the steps to generate the keys & then creating identification &...

2. Solaris

configuring user as trust

Hi Gurus, Got another issue. I am trying to configure a user to run some scripts through trusted user where in while logging to remote system it shouldn't ask for password. i did following to get it working but its not working i create a private and public key with the below...

3. HP-UX

Not Trust Host 10.10.10.10

I get a message similar to this, in the syslog file. Actually, I am trying to let the host at 10.10.10.10 access the HP-UX system. How do I get it trusted? Thanks!

4. UNIX for Dummies Questions & Answers

ssh trust issue

Hi, i am setting up ssh trust setup between two servers where SVRA is a solaris box and SVRB is a Red Hat Linux. It is asking for the password all the time. I have copied over the SVRA:/home/nagios/.ssh/id_dsa.pub as authorized_keys on to SVRB:/dat01/home/nagios/.ssh/ -bash-3.00$ ssh -vvv...

5. Linux

SCEP and Trust Anchor

Hi Does anybody knows about the simple certificate enrollment protocol details ? if yes please provide me the details. And what is a trust anchor profile ? Thanks in advance.

6. Shell Programming and Scripting

SSH Trust Testing

Hi, I want test the ssh trust between two host. It works fine if the trust is working fine but if the trust is not working fine it gets stuck. #!/bin/sh >/users/test/ssh.txt for i in `cat /users/test/host.txt`; do ssh test@$i uname -a >> /users/test/ssh.txt test=`cat...

7. What is on Your Mind?

Twitter Users: Follow the Forums on Twitter

Hey Twitter Users, You can follow the forums on Twitter: https://twitter.com/unixlinux @unixlinux Current Twitter Stats: TWEETS 76.4K FOLLOWERS 54.3K Comments or questions? Please post below.

LEARN ABOUT SUSE

tcprules

tcprules(1)                                                   General Commands Manual                                                  tcprules(1)

NAME

       tcprules - compile rules for tcpserver

SYNOPSIS

       tcprules rules.cdb rules.tmp

OVERVIEW

       tcpserver optionally follows rules to decide whether a TCP connection is acceptable.  For example, a rule of

          18.23.0.32:deny

       prohibits connections from IP address 18.23.0.32.

       tcprules reads rules from its standard input and writes them into rules.cdb in a binary format suited for quick access by tcpserver.

       tcprules  can be used while tcpserver is running: it ensures that rules.cdb is updated atomically.  It does this by first writing the rules
       to rules.tmp and then moving rules.tmp on top of rules.cdb.  If rules.tmp already exists, it  is  destroyed.   The  directories  containing
       rules.cdb and rules.tmp must be writable to tcprules; they must also be on the same filesystem.

       If there is a problem with the input, tcprules complains and leaves rules.cdb alone.

       The binary rules.cdb format is portable across machines.

RULE FORMAT

       A rule takes up one line.  A file containing rules may also contain comments: lines beginning with # are ignored.

       Each  rule  contains an address, a colon, and a list of instructions, with no extra spaces.  When tcpserver receives a connection from that
       address, it follows the instructions.

ADDRESSES

       tcpserver starts by looking for a rule with address TCPREMOTEINFO@TCPREMOTEIP.  If it doesn't find one, or if TCPREMOTEINFO is not set,  it
       tries  the  address TCPREMOTEIP.  If that doesn't work, it tries shorter and shorter prefixes of TCPREMOTEIP ending with a dot.  If none of
       them work, it tries the empty string.

       For example, here are some rules:

          joe@127.0.0.1:first
          18.23.0.32:second
          127.:third
          :fourth
          ::1:fifth

       If TCPREMOTEIP is 10.119.75.38, tcpserver will follow the fourth instructions.

       If TCPREMOTEIP is ::1, tcpserver will follow the fifth instructions.  Note that  you  cannot  detect  IPv4  mapped  addresses  by  matching
       "::ffff", as those addresses will be converted to IPv4 before looking at the rules.

       If TCPREMOTEIP is 18.23.0.32, tcpserver will follow the second instructions.

       If TCPREMOTEINFO is bill and TCPREMOTEIP is 127.0.0.1, tcpserver will follow the third instructions.

       If TCPREMOTEINFO is joe and TCPREMOTEIP is 127.0.0.1, tcpserver will follow the first instructions.

ADDRESS RANGES

       tcprules treats 1.2.3.37-53:ins as an abbreviation for the rules 1.2.3.37:ins, 1.2.3.38:ins, and so on up through 1.2.3.53:ins.  Similarly,
       10.2-3.:ins is an abbreviation for 10.2.:ins and 10.3.:ins.

INSTRUCTIONS

       The instructions in a rule must begin with either allow or deny.  deny tells tcpserver to drop the  connection  without  running  anything.
       For example, the rule

          :deny

       tells tcpserver to drop all connections that aren't handled by more specific rules.

       The  instructions  may continue with some environment variables, in the format ,VAR="VALUE".  tcpserver adds VAR=VALUE to the current envi-
       ronment.  For example,

          10.0.:allow,RELAYCLIENT="@fix.me"

       adds RELAYCLIENT=@fix.me to the environment.  The quotes here may be replaced by any repeated character:

          10.0.:allow,RELAYCLIENT=/@fix.me/

       Any number of variables may be listed:

          127.0.0.1:allow,RELAYCLIENT="",TCPLOCALHOST="movie.edu"

SEE ALSO

       tcprulescheck(1), tcpserver(1), tcp-environ(5)

                                                                                                                                       tcprules(1)