Date: Wed, 4 Apr 2001 23:24:22 -0500 (CDT)
From: Brennan Stehling <brennan@offwhite.net>
To: freebsd-questions@freebsd.org
Subject: custom inetd service
Message-ID: <Pine.BSF.4.21.0104042259120.76136-100000@home.offwhite.net>

I had a friend who has been slowly converting over to FreeBSD ask me about doing some interesting maintenance on multiple systems. He is managing a few servers that should have a synchronized configuration. I believe it is for firewalls. He is a Network Admin.

What he wanted to know is if there is a way to enter a change on one system and have that take effect right away on the other systems instantly. I do not believe that NIS would be appropriate here.

Here is what I thought would be a good solution, but I would need to learn a couple things first.

What I could do is write a Perl script which can take a remote request which would come in through inetd and invoke this script to fulfill the request. Since it is going through inetd I could use /etc/hosts.allow to control access. Then on the root system he would run the client script and make his request and it would open a connection to the remote servers and attempt to send the request. I suppose I could have a config file which would list all hosts which would be a part of this distributed configuration.

So I need to learn about 2 key parts and would like any opinions on this implementation. If you have a better way to do it, I would be happy to read your suggestion.

Here are the 2 things I need to learn:

1) How does the script get picked up by inetd? The inetd process will listen on the port that I set up, but how does the script do the rest? I suppose the script should open a socket for reading and writing, but I am confused on what port it should be communicating. I am confused in general in this area.

2) How do I classify the custom service so that I can enter access control in /etc/hosts.allow? I believe like with a service like telnetd I can simply use the name of the script as the name I enter in the hosts.allow file. But still yet, I am unsure if that does the whole job.

It seems that tcpwrappers have been integrated nicely into most daemon processes lately and they may link into shared libraries which check for authentication and authorization. But inetd itself may be doing that. I am hoping inetd is doing the work for me so my script can be dumb and simply do its thing.

I will try to find any information on this topic, but it seems to be an uncommon thing. I may not find much which will help me.

Brennan Stehling - software developer and system administrator
my projects:
home.offwhite.net (free personal hosting)
www.greasydaemon.com (bsd search)
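
The handler side of the design described in this message, as an added example that is not part of the original e-mail: inetd hands the accepted connection to the program as stdin/stdout, and because hosts.allow filters only by client address, the handler also checks an HMAC and an action allowlist. It is written in Python rather than Perl, and the service name, path, key, action names and request line format are all assumptions.

```python
#!/usr/bin/env python3
# Added example: a handler inetd starts once per connection. For a
# "stream tcp nowait" entry, inetd accepts the connection and runs the
# program with the socket as stdin/stdout, so no socket code is needed.
# Hypothetical inetd.conf line (the name needs an /etc/services entry):
#   cfgsync stream tcp nowait root /usr/local/sbin/cfgsync cfgsync
import hashlib
import hmac
import sys
import time

# Assumptions: key, action names and the request line format
# "<unix-time> <action> <hex hmac-sha256>" are made up for this sketch.
SHARED_KEY = b"constructed-demo-key"   # in practice, read from a root-only file
ALLOWED_ACTIONS = {b"reload-rules", b"show-version"}
MAX_LINE = 256                         # refuse oversized requests
MAX_SKEW = 60                          # bounds how long a captured request replays


def sign(timestamp: bytes, action: bytes, key: bytes = SHARED_KEY) -> bytes:
    """MAC the client appends so a request cannot be forged or altered."""
    msg = timestamp + b" " + action
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def handle_request(line: bytes, now: float) -> bytes:
    """Validate one request line and return the reply (no side effects)."""
    if len(line) > MAX_LINE:
        return b"ERR too long"
    parts = line.strip().split(b" ")
    if len(parts) != 3:
        return b"ERR malformed"
    timestamp, action, mac = parts
    if not timestamp.isdigit() or abs(now - int(timestamp)) > MAX_SKEW:
        return b"ERR stale"
    if not hmac.compare_digest(sign(timestamp, action), mac):
        return b"ERR bad mac"
    if action not in ALLOWED_ACTIONS:  # fixed names only, never a shell string
        return b"ERR unknown action"
    return b"OK " + action             # a real handler would dispatch here


def main() -> None:
    line = sys.stdin.buffer.readline(MAX_LINE + 1)  # socket handed over by inetd
    sys.stdout.buffer.write(handle_request(line, time.time()) + b"\n")
    sys.stdout.buffer.flush()


if __name__ == "__main__":
    main()
```

The client side would build the same line with `sign()` and write it to a TCP connection to each host in its list.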