Date:      Wed, 4 Apr 2001 23:24:22 -0500 (CDT)
From:      Brennan Stehling <brennan@offwhite.net>
To:        freebsd-questions@freebsd.org
Subject:   custom inetd service
Message-ID:  <Pine.BSF.4.21.0104042259120.76136-100000@home.offwhite.net>

I had a friend who has been slowly converting over to FreeBSD ask me about
doing some interesting maintenance on multiple systems.  He is managing a
few servers that should have a synchronized configuration.  I believe it is
for firewalls.  He is a Network Admin.

What he wanted to know is if there is a way to enter a change on one
system and have that take effect right away on the other systems
instantly.  I do not believe that NIS would be appropriate here.  Here is
what I thought would be a good solution, but I would need to learn a
couple things first.

What I could do is write a Perl script which can take a remote request
which would come in through inetd and invoke this script to fulfill
the request.  Since it is going through inetd I could use /etc/hosts.allow to
control access.  Then on the root system he would run the client script
and make his request and it would open a connection to the remote servers
and attempt to send the request.  I suppose I could have a config file
which would list all hosts which would be a part of this distributed
configuration.

So I need to learn about 2 key parts and would like any opinions on this
implementation.  If you have a better way to do it, I would be happy to
read your suggestion.

Here are the 2 things I need to learn:

1) How does the script get picked up by inetd?  The inetd process will
listen on the port that I set up, but how does the script do the rest?  I
suppose the script should open a socket for reading and writing, but I am
confused on what port it should be communicating.  I am confused in
general in this area.

2) How do I classify the custom service so that I can enter access control
in /etc/hosts.allow?  I believe like with a service like telnetd I can
simply use the name of the script as the name I enter in the hosts.allow
file.  But still yet, I am unsure if that does the whole job.  It seems
that tcpwrappers have been integrated nicely into most daemon processes
lately and they may link into shared libraries which check for
authentication and authorization.  But inetd itself may be doing that.  I
am hoping inetd is doing the work for me so my script can be dumb and
simply do its thing.

I will try to find any information on this topic, but it seems to be an
uncommon thing.  I may not find much which will help me.

Brennan Stehling - software developer and system administrator
  my projects: 
       home.offwhite.net (free personal hosting)
       www.greasydaemon.com (bsd search)
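
As an added illustration of the design asked about above (not part of the original message, and written in Python rather than Perl): a handler that inetd could start for such a service, reading one request from the connection inetd hands it on stdin and mapping it to a fixed command. The service name `cfgpush`, the paths, the `RELOAD` request format and the `apply-ruleset` helper (assumed to be installed) are all hypothetical.

```python
# Hypothetical inetd handler. Constructed inetd.conf line (made-up name and path):
#   cfgpush stream tcp nowait root /usr/local/sbin/cfgpush-handler cfgpush-handler
# inetd accepts the connection and runs this with the socket as stdin/stdout.
# Assumption: inetd itself applies hosts.allow before starting the handler.
import re
import socket
import sys
import syslog
from subprocess import DEVNULL, call

MAX_LINE = 256                                       # cap on one request line
APPLY = "/usr/local/sbin/apply-ruleset"              # hypothetical local helper
NAME_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")    # no paths, no leading '-'


def parse_request(line):  # one request line -> fixed argv, else ValueError
    if len(line) > MAX_LINE or not line.endswith("\n"):
        raise ValueError("request too long or unterminated")
    parts = line.split()
    if len(parts) != 2 or parts[0] != "RELOAD":
        raise ValueError("unknown request")
    if not NAME_RE.fullmatch(parts[1]):
        raise ValueError("bad ruleset name")
    return [APPLY, parts[1]]                         # argv list, never a shell string


def peer():
    try:  # fd 0 is the client connection when started by inetd
        with socket.fromfd(0, socket.AF_INET, socket.SOCK_STREAM) as s:
            return s.getpeername()[0]
    except OSError:
        return "?"


def main():
    line = sys.stdin.buffer.readline(MAX_LINE + 1).decode("ascii", "replace")
    try:
        argv = parse_request(line)
    except ValueError as err:
        syslog.syslog(syslog.LOG_WARNING, "reject %s: %s" % (peer(), err))
        print("ERR", err)
        return 1
    syslog.syslog(syslog.LOG_NOTICE, "run %r for %s" % (argv, peer()))
    rc = call(argv, stdin=DEVNULL, stdout=DEVNULL, stderr=DEVNULL)
    print("OK" if rc == 0 else "ERR helper exit %d" % rc)
    return int(rc != 0)


if __name__ == "__main__":
    sys.exit(main())
```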


