[CentOS] Re: Re: Re: Re: Re: What libs req'd to resolve DNS within a chroot jail?

Tue Jan 15 20:22:16 UTC 2008
Mike Kercher <mike at vesol.com>

 

________________________________

From: centos-bounces at centos.org on behalf of Eric B.
Sent: Tue 1/15/2008 11:39 AM
To: centos at centos.org
Subject: [CentOS] Re: Re: Re: Re: Re: What libs req'd to resolve DNS within a chroot jail?



>
> > > Can you post your complete hosts.allow and hosts.deny files?
> >
> > Not much to them actually:
> > /chroot/tftpd/etc/hosts.allow:
> > #
> > # hosts.allow   This file describes the names of the hosts which are
> > #               allowed to use the local INET services, as decided
> > #               by the '/usr/sbin/tcpd' server.
> > #
> > in.tftpd : eric.test.com : allow
> >
> > /chroot/tftpd/etc/hosts.deny:
> > #
> > # hosts.deny    This file describes the names of the hosts which are
> > #               *not* allowed to use the local INET services,
> > as decided
> > #               by the '/usr/sbin/tcpd' server.
> > #
> > in.tftpd : ALL : deny
> >
> >
> >
> > Again, I have concerns that I might be missing something in
> > my chroot jail, but when I change my hosts.allow file to read
> > the following, it works fine.
> > in.tftpd: 192.168.3.103 : allow
> >
> > So I am utterly and totally confused.  I keep thinking that
> > there must be something DNS related that I need in the chroot
> > jail that I am missing.
> > I do have a /chroot/tftpd/etc/resolv.conf with the nameserver
> > entry that points to the DNS server, and all files in my
> > /chroot/tftpd/etc dir are world readable.  I also have a
> > /chroot/tftpd/etc/hosts file (that is pretty much empty -
> > just a line for 127.0.0.1).
> >
> > # ls -l /chroot/tftpd/etc
> > -rw-r--r--  1 root root   148 Jan 14 17:53 hosts
> > -rw-r--r--  1 root root   417 Jan 14 17:37 hosts.allow
> > -rw-r--r--  1 root root   370 Jan 13 12:13 hosts.deny
> > -rw-r--r--  1 root root  1267 Jan 12 21:43 localtime
> > -rw-r--r--  1 root root  1686 Jan 12 15:50 nsswitch.conf
> > -rw-r--r--  1 root root    86 Jan 14 17:52 resolv.conf
> > -rw-r--r--  1 root root 20373 Jan 12 15:47 services
> >
> >
> > Is there anything else I need that I am missing?  Either
> > config file or lib?
> >
> > Any suggestions of things I can try?
> >
> > Thanks,
> >
> > Eric
> >
>
> Something I found:
>
> 15.2.3.2. Access Control
>
> Option fields also allow administrators to explicitly allow or deny
> hosts in a single rule by adding the allow or deny directive as the
> final option.
>
> For instance, the following two rules allow SSH connections from
> client-1.example.com, but deny connections from client-2.example.com:
>
> sshd : client-1.example.com : allow
> sshd : client-2.example.com : deny
>
> By allowing access control on a per-rule basis, the option field allows
> administrators to consolidate all access rules into a single file:
> either hosts.allow or hosts.deny. Some consider this an easier way of
> organizing access rules.
>
> Conceivably, you could put all rules into one file (hosts.allow maybe).
> See if that helps..

Just tried putting everything in the hosts.allow but didn't make any
difference.  Tried also in the hosts.deny but no success either.

Where did you find that reference?  What does 15.2.3.2 point to?

Any other ideas / theories?

_______________________________

 

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-tcpwrappers-access.html
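Added example (not code from the thread, from tcp_wrappers or from Red Hat): a small Python model of how tcpd evaluates hosts.allow and hosts.deny, with the two rule files from the thread reproduced as constructed strings and a stand-in resolver for each environment. It shows why "in.tftpd : eric.test.com : allow" works on the host but not in the jail: if the chrooted daemon cannot reverse-resolve the client address, the client has no name, so a hostname pattern never matches and the "ALL : deny" rule wins, while a literal IP pattern matches either way. The resolver functions, file contents and the simplification (no EXCEPT lists, netgroups, net/mask patterns or the forward/reverse "paranoid" check) are assumptions of this example.

```python
"""Model tcp_wrappers access control (hosts.allow / hosts.deny).

Added example, not tcpd's own code. Covers daemon and client matching,
the allow/deny option field, and file search order, which is enough to
reproduce the behaviour discussed in the thread.
"""
from typing import Callable, List, Optional, Tuple

# Constructed copies of the rule files posted in the thread.
HOSTS_ALLOW_BY_NAME = """
# in.tftpd is allowed only from one named host
in.tftpd : eric.test.com : allow
"""
HOSTS_ALLOW_BY_IP = """
in.tftpd : 192.168.3.103 : allow
"""
HOSTS_DENY = """
in.tftpd : ALL : deny
"""

# A resolver maps a client IP to its reverse-DNS name, or None on failure.
Resolver = Callable[[str], Optional[str]]
Rule = Tuple[List[str], List[str], Optional[str]]


def parse_rules(text: str) -> List[Rule]:
    """Parse 'daemon_list : client_list [: option ...]' lines; '#' starts a comment."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        # allow/deny, when used, must be the last option field
        option = fields[-1].lower() if len(fields) > 2 else None
        rules.append((fields[0].split(), fields[1].split(), option))
    return rules


def client_matches(pattern: str, ip: str, hostname: Optional[str]) -> bool:
    """tcpd wildcard and string matching for one client pattern."""
    upper = pattern.upper()
    if upper == "ALL":
        return True
    if upper == "KNOWN":                   # name resolved
        return hostname is not None
    if upper == "UNKNOWN":                 # name did not resolve
        return hostname is None
    if pattern.startswith("."):            # domain suffix, e.g. .test.com
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):              # network prefix, e.g. 192.168.3.
        return ip.startswith(pattern)
    if ip == pattern:                      # literal address needs no DNS
        return True
    return hostname is not None and hostname.lower() == pattern.lower()


def check_access(daemon: str, ip: str, resolve: Resolver,
                 allow_text: str, deny_text: str) -> str:
    """Return 'allow' or 'deny' the way tcpd would for this client.

    hosts.allow is searched first, then hosts.deny; the first matching
    rule wins, and a trailing allow/deny option overrides the file's
    default. No match in either file means access is granted.
    """
    hostname = resolve(ip)
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        for daemons, clients, option in parse_rules(text):
            if daemon not in daemons and "ALL" not in (d.upper() for d in daemons):
                continue
            if any(client_matches(c, ip, hostname) for c in clients):
                return option if option in ("allow", "deny") else default
    return "allow"


# Constructed resolvers standing in for the two environments in the thread.
def resolver_outside_jail(ip: str) -> Optional[str]:
    """Reverse DNS works: the host's resolver and NSS libraries are present."""
    return {"192.168.3.103": "eric.test.com"}.get(ip)


def resolver_inside_jail(ip: str) -> Optional[str]:
    """Reverse DNS fails: the chroot lacks what a lookup needs."""
    return None


if __name__ == "__main__":
    for label, resolve in (("host", resolver_outside_jail), ("chroot", resolver_inside_jail)):
        by_name = check_access("in.tftpd", "192.168.3.103", resolve,
                               HOSTS_ALLOW_BY_NAME, HOSTS_DENY)
        by_ip = check_access("in.tftpd", "192.168.3.103", resolve,
                             HOSTS_ALLOW_BY_IP, HOSTS_DENY)
        print(f"{label}: hostname rule -> {by_name}, IP rule -> {by_ip}")
```

The model assumes the only difference between the two environments is whether the reverse lookup returns a name. On a glibc system such as CentOS, hostname lookups go through NSS, so a jailed daemon needs not just libresolv.so.2 but also libnss_files.so.2 and libnss_dns.so.2 under the jail's lib directory; those NSS modules are loaded at run time and do not appear in `ldd` output for the daemon, which is an easy way to end up with a jail that has resolv.conf and nsswitch.conf but still cannot resolve anything.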
