[Solaris 10] /etc/hosts.allow


 
# 1  
Old 03-17-2011

Hi,

I am trying to find a Solaris 10 alternative to the HPUX inetd.sec functionality.
I want to grant access to one service for one IP address only.

Code:
# grep fme2eall /etc/services
fme2eall        35000/tcp

# svcs -a | grep fme2eall
online         Mar_09   svc:/network/fme2eall/tcp:default

# inetadm -l fme2eall/tcp | grep tcp_wrappers
         tcp_wrappers=TRUE

# cat /etc/hosts.allow
fme2eall/tcp: 135.246.39.151

# cat /etc/hosts.deny
fme2eall/tcp: ALL

# svcprop -p defaults inetd
defaults/tcp_wrappers boolean true

# svcadm refresh inetd

Unluckily access to port 35000 and the fme2eall service is still possible for all IP addresses.

I tried to include the name for the service in different ways, like "svc:/network/fme2eall/tcp", "/network/fme2eall/tcp", "/network/fme2eall/tcp" and "fme2eall", but this does not change the situation.

Will it work at all?
Something I forgot?

Greetings,

ejdv
# 2  
Old 04-15-2011
susheel

It's a TCP wrappers concept.
Enable wrappers.
# inetadm -p
is used to know whether wrappers are enabled or not.
# inetadm -M tcp_wrappers=true
# vi /etc/hosts.deny
in.telnetd:ip
# vi /etc/hosts.allow
in.telnetd:ip
# 3  
Old 04-18-2011
Thanks for the reply.
I forgot to mention that I enabled tcp wrappers using:

Code:
# inetadm -M tcp_wrappers=true

or

# svccfg -s inetd setprop defaults/tcp_wrappers=true

Code:
# inetadm -M tcp_trace=true
# inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=TRUE
tcp_wrappers=TRUE
connection_backlog=10

# inetadm -l svc:/network/fme2eall/tcp | grep tcp_wrappers
         tcp_wrappers=TRUE

# cat /etc/hosts.deny
fme2eall/tcp: ALL

==> connection ok

Looking good.

Code:
# cat /etc/hosts.deny
svc:/network/fme2eall/tcp: ALL

# telnet 135.246.39.226 35000
Trying 135.246.39.226...
telnet: Unable to connect to remote host: Connection refused

# cat /etc/hosts.allow
svc:/network/fme2eall/tcp: ALL

==> connection ok

Still ok.

Code:
# cat /etc/hosts.allow
svc:/network/fme2eall/tcp: 135.246.39.233

==> connection ok

Cannot complain.

Code:
# cat /etc/hosts.allow
svc:/network/fme2eall/tcp: 135.246.39.230

# svcadm refresh inetd

==> connection ok

Not so good, had to be blocked.


Code:
# rm /etc/hosts.allow

# svcadm refresh inetd

==> connection ok

Very bad. No hosts.allow file so hosts.deny should block everything.

So the conclusion is that I can make it work, but not on demand.
Results vary, so I cannot depend on it.
Pity.
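
Added example (not part of the thread and not written by any poster): a simplified Python model of the evaluation order documented in hosts_access(5), where hosts.allow is searched first, then hosts.deny, access is granted when neither file matches, and daemon_list entries are compared with the server's process name. The process name `fme2eall_srv` and the client `192.0.2.10` are constructed placeholders; only `ALL` and exact-match patterns are modelled.

```python
# Added example: simplified model of hosts_access(5) rule evaluation.
# Only "ALL" and exact-match patterns are modelled; no wildcards, netmasks,
# EXCEPT, or backslash-escaped colons.

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemon_list, client_list)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # ':' separates the fields; a third field is the optional command.
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # no separator: not a usable rule
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def _matches(patterns, value):
    return any(p == "ALL" or p == value for p in patterns)

def decide(daemon, client, allow_text, deny_text):
    """Return the access decision; pass "" for a file that does not exist."""
    for daemons, clients in parse_rules(allow_text):
        if _matches(daemons, daemon) and _matches(clients, client):
            return "granted by hosts.allow"
    for daemons, clients in parse_rules(deny_text):
        if _matches(daemons, daemon) and _matches(clients, client):
            return "denied by hosts.deny"
    return "granted, no rule matched"

DAEMON = "fme2eall_srv"   # hypothetical process name of the server program
OTHER = "192.0.2.10"      # constructed client address (documentation range)
ALLOWED = "135.246.39.151"

def scenarios():
    by_service = ("fme2eall/tcp: " + ALLOWED, "fme2eall/tcp: ALL")
    by_process = (DAEMON + ": " + ALLOWED, DAEMON + ": ALL")
    return {
        "rules name the service": decide(DAEMON, OTHER, *by_service),
        "rules name the process": decide(DAEMON, OTHER, *by_process),
        "allowed client": decide(DAEMON, ALLOWED, *by_process),
        "no hosts.allow, deny ALL": decide(DAEMON, OTHER, "", "ALL: ALL"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} {result}")
```

In this model, `parse_rules("svc:/network/fme2eall/tcp: ALL")` yields the daemon list `svc` and the client list `/network/fme2eall/tcp`, because the colon inside the FMRI is read as the field separator.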