Snort mailing list archives
Re: Wrappers
From: JPP <jpp () frws com>
Date: Tue, 06 Nov 2001 15:04:52 -0700
Well Consensus seems to be to add sshd to inetd.conf (which I did not do) The reason I even tried in the first place was that I had read somewhere that xinetd and SSH did not play well together. So, all I did was copy the inetd app from the older RH machine to the newer ones, and added the sshd: lines to the hosts. files and fired up inetd No additions to the inetd.conf file and just used the SSH right out of the RPM (though I did rebuild one or 2 when some of the exploits for SSH were announced - but nothing special aside from MAYBE wrapper support). I will look into exactly what I added and did not add, but I know I did not add anything to inetd.conf nor to xinetd.conf (they both work well together and apart, btw). Will post what I find out for ya'all. JPP Skip Carter wrote:
Using Xinetd set to use hosts.allow and hosts.deny (in particular), I have found on RedHat 7.x systems that using these files to regulate SSH connections works quite well. Adding to hosts.deny: ALL: ALL Will indeed stop SSH connections as well as everything else that uses these wrappers (least for me it does!) I add: SSHD: Some.IP.Range. or.some.ip.address to hosts.allow and I get access once more. I may be far off base here - but it indeed works in my case. Give it a try. May work for you also. And possibly some kind soul can explain why SSH is regulated this way without being added to any conf file ...With the appropriate entry in inetd.conf or /etc/xinetd.d SSH and httpd (at least Apache anyway) CAN be tcp_wrappered (regardless of the Linux distro). BUT, in both of these cases there is a significant program startup overhead involved, so its really not a very good idea for these programs unless these startup delays can be tolerated in your network environment. -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Wrappers snortlst snortlst (Nov 06)
- Re: Wrappers james (Nov 06)
- Re: Wrappers snortlst snortlst (Nov 06)
- Re: Wrappers Chris Green (Nov 06)
- <Possible follow-ups>
- RE: Wrappers Kevin Brown (Nov 06)
- Re: Wrappers JPP (Nov 06)
- Re: Wrappers james (Nov 06)
- Re: Wrappers Skip Carter (Nov 06)
- Re: Wrappers JPP (Nov 06)
- RE: Wrappers Benjamin W. Ritcey (Nov 07)
- Re: Wrappers JPP (Nov 06)
- Re: Wrappers james (Nov 06)
- RE: Wrappers Wells, Kenneth L (Nov 06)
- RE: Wrappers Demetri Mouratis (Nov 06)
- Re: Wrappers snortlst snortlst (Nov 07)
- RE: Wrappers Chris Eidem (Nov 06)