similar to: Logging and libwrap

Is there plans to use libwrap Or is there already some kind of access control i have missed?? What i really want is a mechanism so i can say: If The request comes from "123.121.212.0" dont offer ssl and accept plain else demand ssl and no plain I now have this (almost) in another imap server by xinetd and two ip addresses. I could solve this by iptables or access list on the router

Hello everyone, I am having difficulties in setting up a tftp server on a Fedora 3.14.8-200.fc20.x86_64. Running tftp client to test the server functionality, a simple get from the terminal prompts 'Transfer timed out.' back. The version is tftp-hpa 5.2, with remap, with tcpwrappers, unfortunately I am not able to find any log in the system journal.? The server and related services appear

On Wed, 20 May 2015 14:46:57 +0200 Peter Stuge <peter at stuge.se> wrote: > Stephan von Krawczynski wrote: > > it is pretty obvious > > I guess you're not only not subscribed to the development list, but > you seem to also not have looked at the list archives. > > You can only seem like a troll if you act as if you know best but > in fact you are wrong.

I am (belatedly) updating pkgsrc to 2.8.1 (+ bugfix). (FWIW, I think a 2.8.1.1 or 2.8.2 immediately with the fix is in order. >From a packaging viewpoint, the effort to update for a release is about 3 minutes plus time to adapt anythhing that has changed. So I'd much rather have releases more often.) In the pkgsrc build, nut finds tcp wrappers because they are part of the base system.

Hello, There is a small but annoying problem with linking libwrap in openssh. The library is added to LIBS which makes it be linked in to all binaries. This is unnecessary and leads to bogus dependencies if libwrap is a shared library. Following is a trivial fix that reserves a separate autoconf substitution variable LIBWRAP, which is only used for sshd. Please apply. Maciej -- +

Hello all, after a useless discussion on the opensuse ML I had to find out that they buried the removal news of libwrap last year in some half-sentence. So this is unfortunately pretty late for the topic. Nevertheless it is pretty obvious that you did not get any feedback from people using ssh over decades in server-administration. Let me make a clear point: libwrap removal was a pretty bad idea.

All, There was some discussion recently on Ubuntu Launchpad regarding the bug in NUT 2.2.1 where it was not possible to connect with an accept- all ACL: https://bugs.launchpad.net/bugs/235653 The package was patched for the upcoming Ubuntu release (intrepid), but the discussion drifted to the merits of application-level ACLs (comment 11 and beyond). Steve Langasek brings up a good point

Good Morning, I have a Centos 4.5 (x86_64) server running samba to share data with windows users. We've been going through a security audit and the following log entries were noted: [2007/09/24 09:37:29, 0] rpc_server/srv_util.c:get_alias_user_groups(206) get_alias_user_groups: gid of user bendew doesn't exist. Check your /etc/passwd and /etc/group files [2007/09/24 09:37:29, 1]

I have set up entries in /etc/hosts.allow and /etc/hosts.deny as follows: /etc/hosts.allow sendmail : 10.0.0.0/255.0.0.0 sendmail : LOCAL /etc/hosts.deny sendmail : ALL When I try to connect to port 25 from an Internet host via telnet, the server still responds as usual. The only difference I see is this in my /var/log/maillog: Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers

Since I've been using this for maybe a year now, maybe someone else is interested in restricting IMAP and POP logins via libwrap. In addition to the attached patch (against 1.0.5) to src/login-common/main.c, src/{imap,pop3}-login/Makefile.in have to be modified to link against libwrap. Of course, the option needs to be integrated into configure in the long run. -------------- next part

to improve forensic log info i want to set the PAM_RHOST value to the remote ip (which pam logs as rhost=foo in failure messages). i didn't look to see if anything has been done in this way on CVS because i'm still on 0.99.10.6. below is a bit of a hack. in some sense the remote_ip might make more sense in the AUTH_LOGIN_REQUEST_NEW packet rather than the continue packet... but that

Howdy, It seems that even when specifying the --with-tcp-wrappers configure flag, the LIBWRAP define in config.h never gets #define'd and -lwrap never gets added to LIBS in the Makefile. To make sure I wasn't dealing with a stale configure file, I ran autoconf on configure.in to roll a new configure. I also don't see anything wrong with the --with-tcp-wrappers defined in

Hello, I run dovecot-2/Maildir/LDAP user/passdb and would like to be able to deny acess to users who connect from certain domains/IP (google.com for instance since in that case they gave their credentials to a third party). My understanding is that I cannot use some negative form of "allow_nets". The only mechanism I can think of is tcp_wrappers. However, dovecot documentation mention

Hi! Is there any reason why support for the libwrap code isn't included in the X11 forwarding code? I'd like to restrict access to that port. How many applications would break if the tcp port would be closed and only the unix-domain socket would be available? It's true that x11 forwardings can be considered as a security risk and they are disabled because of that by default. I

Thanks, I think it would not hurt to add the variables into the source if that helps? A bit puzzled why it wants TCP wrappers though, the program is primarily about the Unix socket access. It can be used by end-users or more likely by developers for troubleshooting; potentially for some automations that act like a NUT driver. Not intended as a prime-time mechanism, but could have its uses... As

Hello, we want to use dovecot LMTP for efficient mail delivery from our MX servers (running postfix 2.8) to our storage servers (dovecot 2.0.17). However, the one problem we see is the lack of access control when using LMTP. It apears that every client in our network who has access to the storage machines can drop a message in a Maildir of any user on that storage server. To prevent this

Hi. I run peridocally (from cron) on all of my machines 30 * * * * root /sbin/hwclock --systohc All of those machines in question take their time via NTP from the same local server, and that server gets its time from a ntp pool. Now I had to reboot a couple of them two days ago and to my surprise all had problems with the time upon booting. Here are the important files: [root at XXXXXX ~]

I have compiled dovecot2 for FreeBSD with the tcpwrap option. A tcpwrap binary gets built and resides in the FreeBSD directory /usr/local/libexec/dovecot an examination of the compiled options (using the FreeBSD pkg install dovecot2) confirms: LIBWRAP : on yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap I get the following logged error message: 20161229 17:02:49

It works ! It was THAT easy ! Can you suggest how to replace the hair I pulled out ? :-) On 2016-12-29 5:27 PM, Larry Rosenman wrote: > login_access_sockets = tcpwrap > > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user > mode = 0600 > user = $default_login_user > } > } > > > > On Thu, Dec 29, 2016 at

hey guys, I have a really silly question for you! I just built a cobbler server that I am using to bare metal some boxes. But I am a bit n00b and need to figure out which ports to open in iptables. Here's a start: xinetd 2031 root 8u IPv4 94306 UDP *:tftp in.tftpd 9203 root cwd DIR 253,0 4096 588097 /tftpboot