[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: [suse-security] libwrap supported services



Thx Armin,

Last time I had a look on a SLES9 box, there were no such list in allow or deny file. It seems that the implementation is a little different with workstation versions (including inetd/xinetd). 

Do you think this is a complete list of services (with the files in /etc/xinetd.d, of course)?

Petteri

-----Original Message-----
From: Armin Schoech <armin.schoech@xxxxxx>
To: suse-security@xxxxxxxx
Date: Thu, 17 Nov 2005 09:08:20 +0000 (UTC)
Subject: Re: [suse-security] libwrap supported services 

Hi Petteri,

> Is there a list (or a way to find out in a running system) somewhere 
> for libwrap supported services?
>
--> in SuSE 9.3 at least, there is a list of services and some other 
information in /etc/hosts.allow 

On my system it looks like:

# /etc/hosts.allow
# See `man tcpdX and `man 5 hosts_accessX for a detailed description
# of /etc/hosts.allow and /etc/hosts.deny.
#
# short overview about daemons and servers that are built with
# tcp_wrappers support:
#
# package name  |       daemon path     |       token
# 
----------------------------------------------------------------------------
# ssh, openssh  |  /usr/sbin/sshd       |  sshd, sshd-fwd-x11, sshd-fwd-<port>
# quota         | /usr/sbin/rpc.rquotad |  rquotad
# tftpd         | /usr/sbin/in.tftpd    |  in.tftpd
# portmap       |  /sbin/portmap        |  portmap
#                       The portmapper does not verify against hostnames
#                       to prevent hangs. It only checks non-local addresses.
#
# (kernel nfs server)
# nfs-utils     |  /usr/sbin/rpc.mountd |  mountd
# nfs-utils     |  /sbin/rpc.statd      |  statd
#
# (unfsd, userspace nfs server)
# nfs-server    |  /usr/sbin/rpc.mountd |  rpc.mountd
# nfs-server    |  /usr/sbin/rpc.ugidd  |  rpc.ugidd
#
# (printing services)
# lprng         |  /usr/sbin/lpd        |  lpd
# cups          |  /usr/sbin/cupsd      |  cupsd
#                       The cupsd server daemon reports to the cups
#                       error logs, not to the syslog(3) facility.
#
# All of the other network servers such as samba, apache or X, have their own
# access control scheme that should be used instead.
#
# In addition to the services above, the services that are started on request
# by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses
# the last component of the server pathname as a token to match a service in
# /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names.
#

HTH,
Armin

--
Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50




--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here