
20000310: tcp wrappers on ADDE transactions



>From: Jim Koermer <address@hidden>
>Organization: Unidata Program Center
>Keywords: Plymouth NOAAPORT GINI ADDE

Jim,

>Here is some information on tcpd with BSD:
>
>TCPD is part of TCP Wrappers...  A security tool, you will find
>"tcpd" in /usr/local/libexec on snow...

This was one of the pieces that was missing.

>The "host.deny" and
>"host.allow" file it uses should be placed in /usr/local/etc...

/etc/hosts.allow notes that hosts.deny is no longer used:

# NOTE: The hosts.deny file is not longer used.  Instead, put both 'allow'
#       and 'deny' rules in the hosts.allow file.
# see hosts_options(5) for the format of this file.
# hosts_access(5) no longer fully applies.

# This is an example! You will need to modify it for your specific
# requirements!

The file also notes that by default everything is allowed:

# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.

The next thing that had to be determined by trial and error was the
entry in /etc/syslog.conf.  I got Mike S. on the phone and we finally
found out that the following works:

auth.debug                                      /var/log/tcpd.log

So, I modified the following files:

/etc/inetd.conf       - to run tcpd first; if authorized, it runs mcservsh
/etc/hosts.allow      - put in an entry: mcservsh : ALL : allow
/etc/syslog.conf      - told it to log auth.debug to /var/log/tcpd.log

>If you
>need more info let me know.  You can do a "man tcpd" for specific info.

Got it, thanks.

>hosts.allow (should contain something like):
>
>swat : ness.plymouth.edu,stimpy.plymouth.edu
>poppassd : its2.plymouth.edu
>amandad : its4.plymouth.edu,rabbit.plymouth.edu
>
>
>hosts.deny(should contain something like):
>
>ALL : ALL

Now, the things that you will have to watch from time to time are the
entries in /var/log/tcpd.log.  This will tell you what machine has connected
for ADDE services.  Here are the contents of this file as I write this:

cat /var/log/tcpd.log
Mar 10 22:19:12 snow mcservsh[66515]: connect from zero.unidata.ucar.edu
Mar 10 22:27:16 snow mcservsh[66594]: connect from zero.unidata.ucar.edu
Mar 10 22:28:09 snow mcservsh[66601]: connect from zero.unidata.ucar.edu
Mar 10 22:29:21 snow mcservsh[66607]: connect from gale.unidata.ucar.edu
Mar 10 22:30:06 snow mcservsh[66616]: connect from zero.unidata.ucar.edu

All of these were made by me running:

DSINFO IMAGE RTGINI from machines here at Unidata.

The other thing that you will have to do at some point is rotate the
tcpd.log file.  How often you do this will depend on the traffic
you get.  The rotation process should be something like:

cd /var/log
mv tcpd.log tcpd.log.1
touch tcpd.log
kill -HUP <pid of syslogd>

The 'ldmadmin newlog' action of the LDM demonstrates how to create a script
that will do the job of keeping 'n' log files online at any time.

I will get back to you probably early next week with the blow-by-blow
description of how the ADDE access works; how it is setup; and any
future configurations you may have to make (minor if any).

Things are off and running!

Tom
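The hosts.allow entry above (mcservsh : ALL : allow) admits every client, so the tcpd.log entries are the only record of who reached the ADDE server. As an added example that is not part of the message, this POSIX shell script reads lines in the format shown, counts accepted and refused connections per service and host, and flags accepted hosts outside an assumed expected domain; the log lines, the hostnames and the domain are constructed.

```shell
#!/bin/sh
# Added example: summarize the tcpd "connect from" lines written to
# /var/log/tcpd.log and flag connecting hosts outside an expected domain.
# The log lines below are constructed in the format shown in the message.

SAMPLE_LOG=$(cat <<'EOF'
Mar 10 22:19:12 snow mcservsh[66515]: connect from zero.unidata.ucar.edu
Mar 10 22:27:16 snow mcservsh[66594]: connect from zero.unidata.ucar.edu
Mar 10 22:29:21 snow mcservsh[66607]: connect from gale.unidata.ucar.edu
Mar 10 22:31:44 snow mcservsh[66640]: connect from host.example.net
Mar 10 22:32:01 snow mcservsh[66652]: refused connect from 198.51.100.9
EOF
)

# tcpd_summary LOGFILE DOMAIN
# Prints one "STATUS SERVICE HOST COUNT" line per distinct combination, sorted,
# then one "UNEXPECTED HOST" line for every accepted host not under DOMAIN.
tcpd_summary() {
    awk -v dom="$2" '
        /connect from/ {
            svc = $5; sub(/\[.*/, "", svc)      # "mcservsh[66515]:" -> "mcservsh"
            status = ($6 == "refused") ? "refused" : "accepted"
            host = $NF
            count[status " " svc " " host]++
            # anything tcpd let through from outside the expected domain
            if (status == "accepted" && host !~ ("\\." dom "$"))
                unexpected[host] = 1
        }
        END {
            for (k in count) print k, count[k] | "sort"
            close("sort")
            for (h in unexpected) print "UNEXPECTED", h | "sort"
            close("sort")
        }' "$1"
}

# Stand-alone run on the constructed sample (assumed expected domain).
LOGFILE=$(mktemp)
trap 'rm -f "$LOGFILE"' EXIT
printf '%s\n' "$SAMPLE_LOG" > "$LOGFILE"
tcpd_summary "$LOGFILE" unidata.ucar.edu
```

Point it at the real file with `tcpd_summary /var/log/tcpd.log your.domain` and add the summary to the rotation step so each rotated log has been reviewed.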