Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual page 346

Chapter 17. TCP Wrappers and ...
For example, the following /etc/xinetd.d/telnet file can be used to block Telnet access from a particular network group and restrict the overall time range that even allowed users can log in:

    service telnet
    {
            disable         = no
            flags           = REUSE
            socket_type     = stream
            wait            = no
            user            = root
            server          = /usr/sbin/in.telnetd
            log_on_failure  += USERID
            no_access       = 10.0.1.0/24
            log_on_success  += PID HOST EXIT
            access_times    = 09:45-16:15
    }

In this example, when a client system from the 10.0.1.0/24 network, such as 10.0.1.2, tries to access the Telnet service, it receives the following message:

    Connection closed by foreign host.

In addition, their login attempts are logged in /var/log/secure as follows:

    May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
    May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
    May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256

When using TCP wrappers in conjunction with xinetd access controls, it is important to understand the relationship between the two access control mechanisms.

The following is the order of operations followed by xinetd when a client requests a connection:

1. The xinetd daemon accesses the TCP wrappers hosts access rules through a libwrap.a library call. If a deny rule matches the client host, the connection is dropped. If an allow rule matches the client host, the connection is passed on to xinetd.

2. The xinetd daemon checks its own access control rules both for the xinetd service and the requested service. If a deny rule matches the client host, the connection is dropped. Otherwise, xinetd starts an instance of the requested service and passes control of the connection to it.

Important

Care should be taken when using TCP wrappers access controls in conjunction with xinetd access controls. Misconfiguration can cause undesired effects.

4.3.3. Binding and Redirection Options

The service configuration files for xinetd support binding the service to an IP address and redirecting incoming requests for that service to another IP address, hostname, or port.

Binding is controlled with the bind option in the service-specific configuration files and links the
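
Added example (not from the Red Hat manual): the START, FAIL and EXIT lines shown in the /var/log/secure excerpt on this page can be correlated by pid to list which clients xinetd refused and why. The function names and every log line after the first three are constructed for this example, and the parser assumes the line layout seen in that excerpt.

```python
import re
from collections import Counter
# Lines 1-3 are the /var/log/secure excerpt from the page; the rest are
# constructed for this example (pids 16301/16340, 10.0.2.7, 10.0.1.9, crond).
SAMPLE_LOG = """\
May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256
May 15 17:40:02 boo xinetd[16252]: START: telnet pid=16301 from=10.0.2.7
May 15 17:41:10 boo crond[16310]: (root) CMD (run-parts /etc/cron.hourly)
May 15 17:52:31 boo xinetd[16252]: EXIT: telnet status=0 pid=16301
May 15 17:55:00 boo xinetd[16252]: START: telnet pid=16340 from=10.0.1.9
May 15 17:55:00 boo xinetd[16340]: FAIL: telnet address from=10.0.1.9
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ xinetd\[(?P<logpid>\d+)\]: "
    r"(?P<event>START|FAIL|EXIT): (?P<service>\S+) (?P<rest>.*)$")

def parse(line):
    """Parse one xinetd syslog line into a dict, or None for other lines."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    words = rec.pop("rest").split()
    # key=value words become fields; a bare word (FAIL lines) is the reason.
    rec.update(w.split("=", 1) for w in words if "=" in w)
    rec["reason"] = next((w for w in words if "=" not in w), None)
    return rec

def sessions(text):
    """Correlate START/FAIL/EXIT by child pid (assumes no pid reuse in text)."""
    out = {}
    for rec in filter(None, map(parse, text.splitlines())):
        if rec["event"] == "START":
            out[rec["pid"]] = {"service": rec["service"], "from": rec["from"],
                               "start": rec["ts"], "denied": None, "exit": None}
        elif rec["event"] == "FAIL" and rec["logpid"] in out:
            # In the page's excerpt the FAIL line's syslog pid is the START pid=.
            out[rec["logpid"]]["denied"] = rec["reason"]
        elif rec["event"] == "EXIT" and rec.get("pid") in out:
            out[rec["pid"]]["exit"] = rec["ts"]
    return out

def denied_by_source(text):
    """Count denied connections per (client address, reason)."""
    denied = [s for s in sessions(text).values() if s["denied"]]
    return Counter((s["from"], s["denied"]) for s in denied)
```

Calling denied_by_source() on the contents of /var/log/secure gives a per-client count of refusals; a session with a START but no FAIL, such as the constructed 10.0.2.7 entry, was handed to the service.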
