[CentOS] rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

Mon Jul 7 23:08:10 UTC 2008
William L. Maltby <CentOS4Bill at triad.rr.com>

On Mon, 2008-07-07 at 15:28 -0700, MHR wrote:
> On Mon, Jul 7, 2008 at 3:04 PM, William L. Maltby
> <CentOS4Bill at triad.rr.com> wrote:
> >
> > I figure you've probably checked this already, but is rcpwrappers
> > installed?
> 
> No, not on either system (what is rcpwrappers?).

A typoed tcpwrappers <*blush*>. I'm sorry for that.

> 
> > If so, are hosts.deny and hosts.allow setup good? I suspect
> > so - I think I saw you had some kind of successful connect earlier in
> > the thread.
> >
> They're fine.  In fact, sushi is in khan's /etc/hosts file explicitly,
> and khan thinks it's on ocroads.com:

That file is not related to tcpwrappers. The /etc/hosts.{allow,deny} are
effective if tcpwrappers is in use.

# rpm -q tcp_wrappers
tcp_wrappers-7.6-40.4.el5

IIRC, this is usually installed by default? It's almost become a
mandatory for increased security.

But as I mentioned, I'm not sure this is needed or in use since you did
have some kind of good connection.

JIC
-----------------------------------------------------
# rpm -q --info tcp_wrappers
<snip>
Summary     : A security tool which acts as a wrapper for TCP daemons.
Description :
The tcp_wrappers package provides small daemon programs which can
monitor and filter incoming requests for systat, finger, FTP, telnet,
rlogin, rsh, exec, tftp, talk and other network services.

Install the tcp_wrappers program if you need a security tool for
filtering incoming network services requests.
-----------------------------------------------------

Also, check out "man portmap" and "man rpcdebug". I don't know if
they'll help.

Oh! IJR, do this thing after running makewhatis as root.

$ man -k rpc
<snip useless stuff>
portmap              (8)  - DARPA port to RPC program number mapper
portmap             (rpm) - A program which manages RPC connections.
rpc                  (3)  - library routines for remote procedure calls
rpc                  (5)  - rpc program number data base
rpc.gssd [gssd]      (8)  - rpcsec_gss daemon
rpc.idmapd [idmapd]  (8)  - NFSv4 ID <-> Name Mapper
rpc.lockd [lockd]    (8)  - start kernel lockd process
rpc.mountd [mountd]  (8)  - NFS mount daemon
rpc.nfsd [nfsd]      (8)  - NFS server process
rpc.rquotad [rquotad] (8)  - remote quota server
rpc.statd [statd]    (8)  - NSM status monitor
rpc.svcgssd [svcgssd] (8)  - server-side rpcsec_gss daemon
rpcdebug             (8)  - set and clear NFS and RPC kernel debug flags
rpcinfo              (8)  - report RPC information

I can't recall if your problem is one of those "worked on 5.1 but
now..." problems. If so, maybe the prior had tcpwrappers setup and now
you don't?

> 
> [mrichter at khan mrichter]$ hostname -f
> khan.ocroads.com
> 
> > Have you run with the -d parameter?
> >
> 
> Nothing new (actually, nothing at all).
> 
> ?!?
> 
> mhr
> <snip sig stuff>

BTW, IUC, there are several points at which connection can be refused.
Service not running, firewall, tcpwrappers, ... that general purpose
daemon that dispatches programs for remote requests like ftp, that I
can't remember the name of ATM.

HTH
-- 
Bill