Displaying 20 results from an estimated 3000 matches similar to: "Logging and libwrap"
2005 Jan 06
2
Feature-request: ip based access control (libwrap)
Is there plans to use libwrap
Or is there already some kind of access control i have missed??
What i really want is a mechanism so i can say:
If The request comes from "123.121.212.0" dont offer ssl and accept plain
else demand ssl and no plain
I now have this (almost) in another imap server by xinetd and two ip addresses.
I could solve this by iptables or access list on the router
2014 Jun 28
1
tftp-hpa 5.2
Hello everyone,
I am having difficulties in setting up a tftp server on a Fedora 3.14.8-200.fc20.x86_64.
Running tftp client to test the server functionality, a simple get from the terminal prompts 'Transfer timed out.' back.
The version is tftp-hpa 5.2, with remap, with tcpwrappers, unfortunately I am not able to find any log in the system journal.?
The server and related services appear
2015 May 20
5
Re-install libwrap in OpenSSH
On Wed, 20 May 2015 14:46:57 +0200
Peter Stuge <peter at stuge.se> wrote:
> Stephan von Krawczynski wrote:
> > it is pretty obvious
>
> I guess you're not only not subscribed to the development list, but
> you seem to also not have looked at the list archives.
>
> You can only seem like a troll if you act as if you know best but
> in fact you are wrong.
2023 Nov 09
2
2.8.1 build buglet: sockdebug.c
I am (belatedly) updating pkgsrc to 2.8.1 (+ bugfix).
(FWIW, I think a 2.8.1.1 or 2.8.2 immediately with the fix is in order.
>From a packaging viewpoint, the effort to update for a release is about
3 minutes plus time to adapt anythhing that has changed. So I'd much
rather have releases more often.)
In the pkgsrc build, nut finds tcp wrappers because they are part of the
base system.
2002 Jan 18
1
[patch] openssh 3.0.2p1: Libwrap gets linked in unnecessarily
Hello,
There is a small but annoying problem with linking libwrap in openssh.
The library is added to LIBS which makes it be linked in to all binaries.
This is unnecessary and leads to bogus dependencies if libwrap is a shared
library.
Following is a trivial fix that reserves a separate autoconf substitution
variable LIBWRAP, which is only used for sshd. Please apply.
Maciej
--
+
2015 May 20
5
Re-install libwrap in OpenSSH
Hello all,
after a useless discussion on the opensuse ML I had to find out that they
buried the removal news of libwrap last year in some half-sentence. So this is
unfortunately pretty late for the topic. Nevertheless it is pretty obvious
that you did not get any feedback from people using ssh over decades in
server-administration. Let me make a clear point: libwrap removal was a pretty
bad idea.
2008 Sep 03
1
ACLs, binding to an interface, and libwrap
All,
There was some discussion recently on Ubuntu Launchpad regarding the
bug in NUT 2.2.1 where it was not possible to connect with an accept-
all ACL:
https://bugs.launchpad.net/bugs/235653
The package was patched for the upcoming Ubuntu release (intrepid),
but the discussion drifted to the merits of application-level ACLs
(comment 11 and beyond).
Steve Langasek brings up a good point
2007 Sep 25
1
Samba and TCPWrappers
Good Morning,
I have a Centos 4.5 (x86_64) server running samba to share data with
windows users. We've been going through a security audit and the
following log entries were noted:
[2007/09/24 09:37:29, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
get_alias_user_groups: gid of user bendew doesn't exist. Check your /etc/passwd and /etc/group files
[2007/09/24 09:37:29, 1]
2008 Apr 24
3
TCPWrappers + Sendmail = not working
I have set up entries in /etc/hosts.allow and /etc/hosts.deny as follows:
/etc/hosts.allow
sendmail : 10.0.0.0/255.0.0.0
sendmail : LOCAL
/etc/hosts.deny
sendmail : ALL
When I try to connect to port 25 from an Internet host via telnet, the
server still responds as usual. The only difference I see is this in
my /var/log/maillog:
Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers
2007 Nov 14
1
libwrap-ing IMAP and POP logins
Since I've been using this for maybe a year now, maybe someone else is interested in restricting IMAP and POP logins via libwrap.
In addition to the attached patch (against 1.0.5) to src/login-common/main.c, src/{imap,pop3}-login/Makefile.in have to be modified to link against libwrap.
Of course, the option needs to be integrated into configure in the long run.
-------------- next part
2004 Jul 09
1
passing remote ip to pam
to improve forensic log info i want to set the PAM_RHOST value to the
remote ip (which pam logs as rhost=foo in failure messages). i didn't
look to see if anything has been done in this way on CVS because i'm still
on 0.99.10.6.
below is a bit of a hack. in some sense the remote_ip might make more
sense in the AUTH_LOGIN_REQUEST_NEW packet rather than the continue
packet... but that
1999 Nov 22
1
tcp-wrappers not being used even w/ --with-tcp-wrappers
Howdy,
It seems that even when specifying the --with-tcp-wrappers configure
flag, the LIBWRAP define in config.h never gets #define'd and -lwrap
never gets added to LIBS in the Makefile. To make sure I wasn't
dealing with a stale configure file, I ran autoconf on configure.in
to roll a new configure. I also don't see anything wrong with the
--with-tcp-wrappers defined in
2011 Feb 09
4
Domain blacklisting
Hello,
I run dovecot-2/Maildir/LDAP user/passdb and would like to be able to deny
acess to users who connect from certain domains/IP (google.com for instance
since in that case they gave their credentials to a third party).
My understanding is that I cannot use some negative form of "allow_nets". The
only mechanism I can think of is tcp_wrappers. However, dovecot documentation
mention
2001 Nov 14
5
X11 forwards and libwrap support
Hi!
Is there any reason why support for the libwrap code isn't included
in the X11 forwarding code? I'd like to restrict access to that
port.
How many applications would break if the tcp port
would be closed and only the unix-domain socket would be available?
It's true that x11 forwardings can be considered as a security
risk and they are disabled because of that by default.
I
2023 Nov 09
1
2.8.1 build buglet: sockdebug.c
Thanks, I think it would not hurt to add the variables into the source if
that helps?
A bit puzzled why it wants TCP wrappers though, the program is primarily
about the Unix socket access.
It can be used by end-users or more likely by developers for
troubleshooting; potentially for some automations that act like a NUT
driver. Not intended as a prime-time mechanism, but could have its uses...
As
2012 Jan 19
1
LMTP ignoring tcpwrappers
Hello,
we want to use dovecot LMTP for efficient mail delivery from our MX
servers (running postfix 2.8) to our storage servers (dovecot 2.0.17).
However, the one problem we see is the lack of access control when using
LMTP. It apears that every client in our network who has access to the
storage machines can drop a message in a Maildir of any user on that
storage server. To prevent this
2010 Nov 12
7
hwclock problem
Hi.
I run peridocally (from cron) on all of my machines
30 * * * * root /sbin/hwclock --systohc
All of those machines in question take their time via NTP
from the same local server, and that server gets its time
from a ntp pool.
Now I had to reboot a couple of them two days ago and to my surprise
all had problems with the time upon booting.
Here are the important files:
[root at XXXXXX ~]
2016 Dec 30
1
FreeBSD / dovecot 2.2.27 / libwrap
I have compiled dovecot2 for FreeBSD with the tcpwrap option.
A tcpwrap binary gets built and resides in the FreeBSD directory
/usr/local/libexec/dovecot
an examination of the compiled options (using the FreeBSD pkg install
dovecot2) confirms: LIBWRAP : on
yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap
I get the following logged error message:
20161229 17:02:49
2016 Dec 30
1
FreeBSD / dovecot 2.2.27 / libwrap
It works !
It was THAT easy !
Can you suggest how to replace the hair I pulled out ? :-)
On 2016-12-29 5:27 PM, Larry Rosenman wrote:
> login_access_sockets = tcpwrap
>
> service tcpwrap {
> unix_listener login/tcpwrap {
> group = $default_login_user
> mode = 0600
> user = $default_login_user
> }
> }
>
>
>
> On Thu, Dec 29, 2016 at
2011 Jun 14
1
leaving ports open for tftp
hey guys,
I have a really silly question for you! I just built a cobbler server that I am using to bare metal some boxes. But I am a bit n00b and need to figure out which ports to open in iptables.
Here's a start:
xinetd 2031 root 8u IPv4 94306 UDP *:tftp
in.tftpd 9203 root cwd DIR 253,0 4096 588097 /tftpboot