Summary of tcp_wrappers_7.2 --- tcpd

From: SUN-MANAGERS (sun-mana@lonestar.tatca.com)
Date: Tue Apr 25 1995 - 11:27:24 CDT



Dear Friends:

===========================================================================

(I). My original posting was:

>>Has anybody ever built the Internet firewall program 'tcpd'?
>>Recently I got 'tcpd' from the net; it is called 'tcp_wrappers_7.2'.
>>I built and installed it on my machine. I also modified the file
>>/etc/inetd.conf and `kill -HUP' inetd. However, it seemed that nothing
>>happened after I sent SIGHUP to inetd.

>>I checked /var/log/syslog; it was not updating, so I thought 'tcpd'
>>was not working. Does anybody have an idea about what might have gone wrong?
>>Thanks for your assistance.

>>I will summarize.

>>P.S:
>>(1). The following is an excerpt from the file /etc/inetd.conf:
>>#ftp stream tcp nowait root /usr/etc/in.ftpd in.ftpd
>>ftp stream tcp nowait root /usr/etc/tcpd in.ftpd
>>#telnet stream tcp nowait root /usr/etc/in.telnetd in.telnetd
>>telnet stream tcp nowait root /usr/etc/tcpd in.telnetd

>>(2). I'm using a SPARC 10 running SunOS 4.1.3_u1B.

===========================================================================

(II). I'm glad that so many nice people gave me so many suggestions.
      I deeply appreciate all of your efforts to help me solve the
      problem.

      In order to let everybody know each response, I'll put the original
      solutions that I got in this summary.

      By the way, I haven't tried to solve the problem yet. I am summarizing
      first. After the problem is solved, I'll summarize again to
      describe what caused my problem and how I solved it.

      Thank you all again!

      BTW: After I have solved this problem, I'll send you another summary
           describing what I did to get it through.

(1). From: minh@codac.codac.telecom.com.au (Minh Tran)

Check /etc/syslog.conf; this file specifies where information is logged.

(2). From: root@ksm.com.my ((KSM) System Admin)

Firstly... that's not firewall software... it's a security tool
  to monitor your system... for example

  it will let you know who is interested in your system...
  who fingers your server, who telnets into your system,
  who rlogins into your server, from where, etc...

  Have you read the README file that comes together with the software?
  I suggest you try the Easy configuration first before trying the
  Advanced configuration.

--rosley@ksm.com.my

(3). From: andrewb@gecko.crufad.unsw.EDU.AU (Andrew Baillie)

Hi,
        I have tcp wrappers working fine with 2.3 and 2.4 as well
        as Interactive 386/ix. The README file that comes with the
        distribution takes you through the steps you need, and you
        are doing an advanced installation, so I presume you have
        read it.

        By nothing happening I presume you mean that connections
        are not being logged. They may be in /var/adm/messages or
        in the spot where mail stuff is logged (/var/spool/mqueue),
        I think. This depends on your /etc/syslog.conf file.

        You could check that connections you want to disallow
        (/etc/hosts.deny & /etc/hosts.allow) are being disallowed.
        You should see some logging of this, though.

        In the past I have come to grief because I misspelt the
        allowed services in hosts.allow. They have to be exactly as
        in inetd.conf. So "ftp xxx.xxx.xxx.xxx" fails while
        "/etc/in.ftpd xxx.xxx.xxx.xxx" works.

        Can you check with acctcom or similar to see if tcpd is
        being run?

        mail me if you want more help

        andrewb

(4). From: "Dick St.Peters" <stpeters@NetHeaven.com>

Try:
ftp stream tcp nowait root /usr/etc/tcpd /usr/etc/in.ftpd
telnet stream tcp nowait root /usr/etc/tcpd /usr/etc/in.telnetd
                                                                ^^^^^^^^

--
Dick St.Peters,          Gatekeeper, Pearly Gateway, Ballston Spa, NY
stpeters@NetHeaven.com   Owner/operator, NetHeaven   518-885-1295
 Visit the Internet Conference Calendar  http://calendar.com/conferences

(5). From: "Scott McClung" <mcclung@owens.ridgecrest.ca.us>

I use tcpd and the portmap replacement on all the UNIX workstations I administrate. It works very well for me.

I didn't see you mention it, so I thought I'd ask: did you create the /etc/hosts.allow and /etc/hosts.deny files on that machine, as described in the hosts_options and/or hosts_allow (?) man pages. If those files don't exist, tcpd will do nothing. I don't think tcpd will send anything to syslogd if those files don't exist, but I'd have to check the source to be sure.

Just a thought.

--
Scott McClung, System Administrator/Software Engineer
mcclung@owens.ridgecrest.ca.us / mcclung@imt.saic.com
Science Applications International Corporation (SAIC)
"Real programmers use cat > file.S"

(6). From: Juergen Rothenanger <Juergen.Rothenanger@rrze.uni-erlangen.de>

Hi,

be sure that in your syslog.conf the messages for mail.? go to the syslog.log.

I have the same configuration, and all works fine.

Juergen Rothenanger
-------------
Juergen Rothenanger, Univ. of Erlangen-Nuernberg, Regional Computing Center (RRZE),
Martenstr. 1, 91058 Erlangen, Germany
Phone: ++49 +9131 857814, Fax: ++49 +9131 302941
Email (Internet): Juergen.Rothenanger@RRZE.Uni-Erlangen.DE
Email (X.400): /C=de/A=d400/P=uni-erlangen/OU=rrze/OU1=pc/S=unrz57/
WWW: http://www.uni-erlangen.de/~unrz57

(7). From: bern@TI.Uni-Trier.DE (Jochen Bern)

A) Did you set up the hosts.allow and hosts.deny files?
B) tcpd has its own logfile. Its filename is somewhere in the sources.
C) Unless the file already exists, tcpd won't log anything.
D) Is that return address on your request correct? Looks like a local exploder alias to me.

Regards, J. Bern
--
bern@uni-trier.de (7Bit, Size Limit!)   | P.O. Box 1203  | Ham:
bern@ti.uni-trier.de (8Bit, SUN Att.)   | D-54202 Trier  | DD0KZ
No Finger etc.; Use Mail (Subj. "##" for Autoreply List) and WWW.

(8). From: Joe Fedock <jfedock@motown.ge.com>

If I'm not mistaken (doing this from memory from a few years ago), you have to add a few entries to /etc/syslog.conf to get the results logged and then restart syslog. I don't have specifics on the entries that are needed right at my fingertips, but if you get stuck and can't find anything on it, I can spend some time looking for it. I believe the tcpd documentation mentions it somewhere also.

Best of luck.

Joseph M. Fedock                (voice) 609 722-4799
EIS Tech Services               (pager) 609 342-9014
Martin Marietta                 jfedock@motown.ge.com
Government Electronic Systems   Mail Stop 104-036
199 Borton Landing Road, P.O. Box 1027, Moorestown, NJ 08057-0927

(9). From: wleung@dbcc.com (Wing Leung)

You should modify your inetd.conf like:

ftp	stream	tcp	nowait	root	/usr/etc/tcpd	ftpd
telnet	stream	tcp	nowait	root	/usr/etc/tcpd	telnetd
shell	stream	tcp	nowait	root	/usr/etc/tcpd	rshd
login	stream	tcp	nowait	root	/usr/etc/tcpd	rlogind
exec	stream	tcp	nowait	root	/usr/etc/tcpd	rexecd

wleung@dbcc.com

(10). From: Joe Fedock <jfedock@motown.ge.com>

I found the necessary additions to syslog.conf that I referred to in my previous message, so here they are:

add to /etc/syslog.conf:

local7.err;local7.warning;local7.info	ifdef(`LOGHOST', /var/log/wrapperlog, @loghost)
local7.warning	root

Then make sure you create /var/log/wrapperlog on your loghost machine and RESTART (kill and restart) syslogd. Or, you can direct the output to /var/log/syslog, as you desire.

Hope this helps.


(11). From: Sonic the Hedgehog <sonic@deepspc1.htls.lib.il.us>

Your inetd.conf looks ok. Was there ftp and telnet traffic on your machine to cause anything to be written to syslog? A telnet connection looks similar to this:

Apr 21 08:56:02 deepspc1 telnetd[9832]: connect from deepspc1.htls.lib.il.us
Apr 21 08:56:02 deepspc1 telnetd[9832]: connect from deepspc1.htls.lib.il.us
Apr 21 08:56:02 deepspc1 telnetd[9832]: connect from deepspc1.htls.lib.il.us

An ftp connection looks similar to this:

Apr 21 09:08:10 deepspc1 ftpd[9963]: connect from starbase1.htls.lib.il.us
Apr 21 09:08:10 deepspc1 ftpd[9963]: connect from starbase1.htls.lib.il.us
Apr 21 09:08:10 deepspc1 ftpd[9963]: connection from starbase1.htls.lib.il.us at Fri Apr 21 09:08:10 1995

Happy wrapping,
ron

Ron Chesko, Network Manager, Heritage Trail Library System
Ph: 815-729-3345  Fax: 815-725-0930

(12). From: Al.Venz@seag.fingerhut.com (Al Venz)

Hi,

I have set up the TCP wrapper you're talking about several times, but the first was obviously the toughest. :) The explanations in the manuals, while not always quick, are pretty good; it's definitely worth it to dig through them. tcpd is a very powerful tool.

It sounds like your problem could sit in your /etc/hosts.deny and /etc/hosts.allow files. Look into how to use them for logging and access control.

I'd send you a decent example, but I just rebuilt my machine to 2.4 and haven't spent the 2 minutes to add a tcpd package I've created. Let me know if you don't get the responses you need, and I'll dig in with you a little bit....

See ya, and good luck! Al

(13). From: Joe Konczal <konczal@csmes.ncsl.nist.gov>

You need to modify your /etc/syslog.conf to specify what to do with the TCP Wrappers messages, and you need to kill -HUP the syslog. I built TCP Wrappers to use local2 facility, so I added the following lines to /etc/syslog.conf to send the messages to my console window.

# Log tcp wrappers messages
local2.debug	/dev/console

--
Joseph C. Konczal <konczal@csmes.ncsl.nist.gov>
National Institute of Standards and Technology
Tech. A62, Gaithersburg, MD 20899 USA
(301) 975-3285

NIST Computer Security Resource Clearinghouse - http://csrc.ncsl.nist.gov

(14). From: "Christopher L. Barnard" <cbarnard@CS.UChicago.EDU>

It probably is working, but not logging where you think it is. Here is what I did to build and install tcp wrappers. I have it running on 4.1.3, 4.1.3_U1, and 4.1.4, 5.3, and 5.4 machines from SLC to SparcServer 20s.

Customization lines in the Makefile (SunOS 4.1.x version):

RANLIB = ranlib
ARFLAGS = rv
AUX_OBJ = setenv.o
no LIBS line defined
no SYSTYPE defined
BUGS = -DSOLARIS_24_GETHOSTBYNAME_BUG (I also have solaris 2.4 clients)
VSYSLOG = -Dvsyslog=mysyslog
STYLE = -DPROCESS_OPTIONS
FACILITY = LOG_LOCAL2
SEVERITY = LOG_INFO
no DOT defined
no AUTH defined
RFC931_TIMEOUT = 10
UMASK = -DDAEMON_UMASK=022
ACCESS = -DHOSTS_ACCESS
TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
PARANOID = -DPARANOID
HOSTNAME = -DALWAYS_HOSTNAME

You've got your inetd.conf file right, it looks like.

My syslog.conf file has this line:

local2.info ifdef(`LOGHOST', /var/log/tcpdlog, @loghost)

Then create the file /var/log/tcpdlog on your loghost machine, and fire everything up. I have this line on the loghost itself, of course:

local2.info /var/log/tcpdlog

I hope this helps.

(15). From: Reto Lichtensteiger <rali@hri.com>

Your inetd.conf entries look OK ... What logging did you set in the tcpd Makefile? I believe it defaults to LOG_MAIL at INFO level.

Did you modify the syslogd.conf file to track those messages?

I built tcpd to use LOG_LOCAL0 and added lines to syslogd.conf to track access info in a separate log file ...

-Reto-
--
R A Lichtensteiger          rali@hri.com
System Administrator        Horizon Research Inc
(617) 466-8304              Waltham MA 02154
http://www.hri.com/HRI/People/rali.html

I use Solaris because someone told me it was admirable to work with the handicapped ...

(16). From: Silvia Beltran Sanchez <silviab@servidor.unam.mx>

Maybe you forgot to modify the Makefile correctly, or maybe tcpd isn't in /usr/etc.

I installed tcpd on my host and it runs fine.

Sorry, my English is so bad.
__________________________________________________________________________
Silvia Beltran S.
U.N.A.M. - D.G.S.C.A, Coordinacion de servicios de red
silviab@servidor.unam.mx, silvia@condor.dgsca.unam.mx, silvia@simba.dgsca.unam.mx
"When you know where you are going, the whole world steps aside to let you pass"
__________________________________________________________________________

(17). From: Richard Crane <adm0001@cadlab.ECE.Drexel.EDU>

Things to check.

1) Make sure you have TABS not spaces between fields in your inetd.conf
2) Try 'kill -1 <process number>' where the process number is the inetd process number.

Also, be more specific in terms of what happened. Did you lose ftp and telnet capabilities? If not, then everything is probably working. What do you have setup in your /etc/hosts.deny and /etc/hosts.allow files? The default is to allow all connections.

Let me know if this helps.

Rich

(18). From: Juergen Peus <grobi@uni-paderborn.de>

Hmmm... this seems to be alright, but what about syslog.conf?? Which facility are you using??? We use LOG_LOCAL0 to make sure that the output from tcpd goes to an extra file.... Are your hosts.allow & hosts.deny files OK?? By default, hosts access is enabled!! The following configuration should work:

galois[tcpwrapper]# more *
::::::::::::::
hosts.allow
::::::::::::::
ALL: ALL
::::::::::::::
hosts.deny
::::::::::::::
galois[tcpwrapper]#

If you made changes to /etc/syslog.conf, make sure you used TAB as separators between the columns and `kill -HUP` syslogd.

If you try using ftp or telnet are there any messages in /var/adm/messages ??

Ciao, Juergen

-----------

Juergen Peus (grobi@uni-paderborn.de)  http://math-www.uni-paderborn.de/~grobi/
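An added example, written for this summary and not taken from any of the replies or from the tcp_wrappers distribution: a small Python audit of the two files the replies keep pointing at, with constructed sample inetd.conf and syslog.conf contents embedded. It checks the points raised in (4), (13), (14), (17) and (18): that inetd.conf fields are TAB-separated, which services are actually handed to tcpd and what tcpd will exec, and whether syslog.conf routes the facility tcpd was built with (LOG_LOCAL2 in (13) and (14)); the SunOS m4 form ifdef(`LOGHOST', file, @loghost) is unwrapped assuming the host is its own loghost.

```python
import re

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Constructed sample files (not copied from any real host), modelled on the thread.
INETD_CONF = (
    "#ftp\tstream\ttcp\tnowait\troot\t/usr/etc/in.ftpd\tin.ftpd\n"
    "ftp\tstream\ttcp\tnowait\troot\t/usr/etc/tcpd\t/usr/etc/in.ftpd\n"
    "telnet stream tcp nowait root /usr/etc/tcpd in.telnetd\n"  # spaces, not TABs
    "finger\tstream\ttcp\tnowait\tnobody\t/usr/etc/in.fingerd\tin.fingerd\n"
)
SYSLOG_CONF = (
    "mail.debug\tifdef(`LOGHOST', /var/log/syslog, @loghost)\n"
    "local2.info\tifdef(`LOGHOST', /var/log/tcpdlog, @loghost)\n"
)

def active_lines(text):
    return [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def parse_inetd(text):
    """One dict per entry: service, what tcpd execs, wrapped by tcpd?, fields TAB-separated?"""
    entries = []
    for line in active_lines(text):
        parts = re.split(r"(\s+)", line)  # fields at even indexes, separators at odd
        fields, seps = parts[0::2], parts[1::2]
        if len(fields) >= 6:
            entries.append({"service": fields[0], "daemon": fields[6] if len(fields) > 6 else None,
                            "wrapped": fields[5].split("/")[-1] == "tcpd",
                            "tabs_ok": all(set(s) == {"\t"} for s in seps[:5])})  # inetd wants TABs
    return entries

def syslog_targets(text, facility, level):
    """Destinations whose selector catches facility.level; ifdef(`LOGHOST', a, b) unwraps to a."""
    hits = []
    for line in active_lines(text):
        selector, action = re.split(r"\s+", line, maxsplit=1)
        for part in selector.split(";"):
            fac, _, lvl = part.partition(".")
            if fac in (facility, "*") and lvl in LEVELS and LEVELS.index(level) <= LEVELS.index(lvl):
                m = re.match(r"ifdef\(`LOGHOST',\s*([^,]+),", action)
                hits.append(m.group(1).strip() if m else action)
    return hits

def audit(inetd_text, syslog_text, facility="local2", level="info"):
    """Report non-TAB separators, unwrapped services, and a facility no syslog.conf line catches."""
    entries = parse_inetd(inetd_text)
    findings = [f"{e['service']}: fields not TAB-separated" for e in entries if not e["tabs_ok"]]
    findings += [f"{e['service']}: not wrapped by tcpd" for e in entries if not e["wrapped"]]
    if not syslog_targets(syslog_text, facility, level):
        findings.append(f"syslog.conf: nothing catches {facility}.{level}")
    return findings
```

Run audit() against the real /etc/inetd.conf and /etc/syslog.conf with the facility and severity set in your tcpd Makefile; an empty list means the three usual causes of "tcpd logs nothing" are absent.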

(19). From: poland@cam4.gsfc.nasa.gov (James Poland)

Take a look at /etc/syslog.conf. By default, most information is logged to /var/adm/messages.

===========================================================================

Thank you all again!

Tim Tsao



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:22 CDT