Re: [Bastille-linux-discuss] xinetd & libwrap: more issues
This tool locks down Linux and UNIX systems.
From: Peter W <pe...@us...> - 2001-05-18 19:20:27
On Fri, May 18, 2001 at 11:54:24AM -0700, Brian Sweeney wrote:
> As a side note to this, I've noticed that xinetd doesn't seem to like the
> #Bastille comment added to the xinetd config files on the lines that set
> NOLIBWRAP. Whenever it starts, it errors with
>
> xinetd[1871]: Bad service flag: Bastille: [line=14]
> xinetd[1871]: Bad service flag: ignore [line=14]
> xinetd[1871]: Bad service flag: hosts.allow [line=14]

This has already been fixed in CVS and later rc candidates:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/bastille-linux/dev/1.2.x/Bastille/Bastille/SecureInetd.pm.diff?r1=text&tr1=1.14&r2=text&tr2=1.15&diff_format=u

New issues:
- the libwrap code in RHAT 7.0 xinetd does not like the inline comment
  on the finger DENY line in hosts.allow (fixed in CVS)
  http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/bastille-linux/dev/1.2.x/Bastille/Bastille/SecureInetd.pm.diff?r1=text&tr1=1.15&r2=text&tr2=1.16&diff_format=u
- Red Hat 7.0 does not honor NOLIBWRAP in xinetd configs
  (fortunately this does not _seem_ to cause problems)
- RHAT 7.0 does not have "disable" lines in all xinetd configs
  but it does have "server" lines

I think this reopens the discussion about trying to force people to use
xinetd "only_from"/"no_access"/etc. instead of hosts.allow. Maybe we should
rip out all the xinetd "flags" and "no_access" changes and simply edit
hosts.allow

Jay, whaddya say?

-Peter
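
An added example, not part of the original message or of Bastille's own code: a small Python lint for the problems reported in this thread, namely trailing "#" text on an xinetd attribute line, trailing "#" text on a hosts.allow rule, and services that have a "server" line but no "disable" line. The sample config text, function names and messages are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread or from Bastille itself).
XINETD_SAMPLE = """\
# default: off
service finger
{
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/sbin/in.fingerd
    flags       = NOLIBWRAP # Bastille: ignore hosts.allow
}
"""
HOSTS_ALLOW_SAMPLE = """\
# whole-line comments are fine
in.fingerd : ALL : DENY # added by hardening script
sshd : 192.0.2.0/255.255.255.0
"""

ATTR = re.compile(r"^\s*(\w+)\s*(?:=|\+=|-=)\s*(.*)$")

def lint_xinetd(text):
    """Return (line_no, message) findings for one xinetd config file."""
    findings, service, attrs, start = [], None, set(), 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # only whole-line comments are safe
        if line.startswith("service "):
            service, attrs, start = line.split()[1], set(), no
        elif line == "}" and service:
            if "server" in attrs and "disable" not in attrs:
                findings.append((start, f"{service}: has 'server' but no 'disable' line"))
            service = None
        elif (m := ATTR.match(line)):
            attrs.add(m.group(1))
            if "#" in m.group(2):         # trailing text would be read as values
                findings.append((no, f"{m.group(1)}: trailing '#' text on attribute line"))
    return findings

def lint_hosts_allow(text):
    """Return line numbers of rules that carry a trailing '#' comment."""
    return [no for no, raw in enumerate(text.splitlines(), 1)
            if raw.strip() and not raw.lstrip().startswith("#") and "#" in raw]

if __name__ == "__main__":
    for no, msg in lint_xinetd(XINETD_SAMPLE):
        print(f"xinetd line {no}: {msg}")
    for no in lint_hosts_allow(HOSTS_ALLOW_SAMPLE):
        print(f"hosts.allow line {no}: inline comment after rule")
```

Running a check like this after an automated edit catches the comment problem before xinetd is restarted and logs "Bad service flag".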