[Eug-lug] Wrapping for Access Control
Jeff_W
beaker at freeshell.org
Fri Jan 21 23:06:13 PST 2005
larry price <laprice at gmail.com> wrote:
> What are you telling PyGopherd to listen to?
Here are the pertinent lines from /etc/services & /etc/inetd.conf:
% grep -h py /etc/inetd.conf /etc/services
# added for TCP Wrappers control of pygopherd - beaker: 1/20/2005
pygopherd stream tcp nowait root /usr/pkg/bin/pygopherd pygopherd
# added for TCP Wrappers control of pygopherd - beaker: 1/20/2005
pygopherd 7070/tcp # PYGopherd server
*The server defaults to a chrooted /var/gopher directory and
runs as user:group "gopher:gopher" - a non-existent user w/ no login.
I should mention that when I use the tcpdchk & tcpdmatch tools
everything appears to work (allow LAN hosts; deny outsiders):
beaker at bsdbox: [25] tcpdmatch pygopherd lan_host
tcpdmatch pygopherd lan_host
warning: lan_host: hostname nor servname provided, or not known
client: hostname lan_host
client: address 192.168.2.5
server: process pygopherd
matched: /etc/hosts.allow line 10
access: granted
beaker at bsdbox: [26] tcpdmatch pygopherd euglug.org
tcpdmatch pygopherd euglug.org
warning: euglug.org: hostname nor servname provided, or not known
client: hostname euglug.org
client: address 207.189.131.194
server: process pygopherd
matched: /etc/hosts.deny line 8
option: twist echo "Sorry - no access for you"
access: delegated
I noticed that the "stock" TCP Wrappers is available in the
NetBSD pkgsrc tree; maybe I should install that and try again...
> You could tell it to listen on a unix socket and have inetd pass the
> connection that way.
How would I do this?
-Jeff