Date:      Wed, 21 Jul 1999 09:27:28 +0200
From:      Sheldon Hearn <sheldonh@uunet.co.za>
To:        Greg Skafte <skafte@worldgate.ca>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: problems with the integrated tcp-wrappers. 
Message-ID:  <17051.932542048@axl.noc.iafrica.com>
In-Reply-To: Your message of "Tue, 20 Jul 1999 17:33:24 CST." <37950744.87BD34A9@worldgate.ca> 


[ Hijacked from freebsd-hackers ]

On Tue, 20 Jul 1999 17:33:24 CST, Greg Skafte wrote:

> I've just recently switched from using the tcpwrappers port to the 
> native tcpwrappers implementation
>
> the following config entries worked on the port but are not working with
> the native 

I've tested the spawn option using a standalone sshd daemon and both of
the following two configurations work as expected (on their own, not in
conjunction):

sshd: ALL : \
    spawn (/usr/bin/mail -s "sshd request from %h" sheldonh </dev/null) & \
    : DENY

sshd: ALL : \
    spawn (/usr/bin/mail -s "sshd request from %h" sheldonh </dev/null) & \
    : ALLOW

Are you perhaps running sshd out of inetd? You don't need to. Build the
port and make sure it links against the base system's libwrap and the
standalone sshd will grok /etc/hosts.allow just fine.

As for using the spawn option for services launched out of inetd, it's
definitely a problem. If you look in your /var/log/messages, you'll
probably see lots of these:

Jul 21 09:19:53 axl inetd[16995]: write: Bad file descriptor

I'm looking at that. I suspect it may be a bug I introduced while trying
to squish the "inetd leaves children lying about" bug.

Ciao,
Sheldon.
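
An added example, not part of the original message: a Python script that cross-checks hosts.allow against inetd.conf and lists the rules whose spawn option would fire for a service launched out of inetd, the case the message reports as a problem. The ftpd and telnetd rules, the inetd.conf lines, and the assumption that the daemon name equals the basename of inetd's server-program column are constructed for illustration.

```python
import re

# Constructed samples; only the sshd rule comes from the message above.
HOSTS_ALLOW = r'''
sshd: ALL : \
    spawn (/usr/bin/mail -s "sshd request from %h" sheldonh </dev/null) & \
    : DENY
ftpd: ALL : spawn (/usr/bin/logger -t wrap "ftpd from %h") & : ALLOW
telnetd: .example.org : ALLOW
'''
INETD_CONF = '''
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
'''

def hosts_allow_rules(text):
    """Yield (daemons, clients, options) for each rule in hosts.allow text."""
    joined = text.replace('\\\n', '')  # backslash-newline continues a rule
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        # ':' separates fields, '\:' is a literal colon (bracketed IPv6 not handled).
        fields = [f.strip().replace('\\:', ':') for f in re.split(r'(?<!\\):', line)]
        if len(fields) >= 2:
            yield re.split(r'[\s,]+', fields[0]), fields[1], fields[2:]

def inetd_daemons(text):
    """Process names inetd starts. Assumption: basename of the server-program column."""
    names = set()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and not cols[0].startswith('#') and cols[5] != 'internal':
            names.add(cols[5].rsplit('/', 1)[-1])
    return names

def spawn_rules_behind_inetd(hosts_allow, inetd_conf):
    """List (daemon, spawn command) for spawn rules that match an inetd-launched daemon."""
    launched = inetd_daemons(inetd_conf)
    hits = []
    for daemons, _clients, options in hosts_allow_rules(hosts_allow):
        spawns = [o[len('spawn'):].strip() for o in options if o.lower().startswith('spawn')]
        for d in daemons:
            if spawns and (d in launched or d == 'ALL'):
                hits.append((d, spawns[0]))
    return hits

if __name__ == '__main__':
    print(spawn_rules_behind_inetd(HOSTS_ALLOW, INETD_CONF))
```

The standalone sshd rule is not reported because sshd has no inetd.conf entry in the sample; only the constructed ftpd rule is.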
