[Snort-users] Wrappers

JPP jpp at ...1565...
Tue Nov 6 14:05:04 EST 2001


Consensus seems to be to add sshd to inetd.conf (which I did not do)
The reason I even tried in the first place was that I had read somewhere
that xinetd and SSH did not play well together.
So, all I did was copy the inetd app from the older RH machine to the
newer ones, and added the sshd: lines to the hosts. files and fired up
No additions to the inetd.conf file and just used the SSH right out of
the RPM (though I did rebuild one or 2 when some of the exploits for SSH
were announced - but nothing special aside from MAYBE wrapper support).

I will look into exactly what I added and did not add, but I know I did
not add anything to inetd.conf nor to xinetd.conf (they both work well
together and apart, btw).

Will post what I  find out for ya'all.


Skip Carter wrote:
> > Using Xinetd set to use hosts.allow and hosts.deny (in particular), I
> > have found on RedHat 7.x systems that using these files to regulate SSH
> > connections works quite well.
> >
> > Adding to hosts.deny:
> > ALL: ALL
> >
> > Will indeed stop SSH connections as well as everything else that uses
> > these wrappers (least for me it does!)
> >
> > I add:
> > SSHD:  Some.IP.Range. or.some.ip.address
> >
> > to hosts.allow and I get access once more.
> >
> > I may be far off base here - but it indeed works in my case. Give it a
> > try. May work for you also. And possibly some kind soul can explain why
> > SSH is regulated this way without being added to any conf file ...
>   With the appropriate entry in inetd.conf or /etc/xinetd.d   SSH and
>   httpd (at least Apache anyway) CAN be tcp_wrappered (regardless of
>   the Linux distro).  BUT, in both of these cases there is a significant
>   program startup overhead involved, so its really not a very good idea
>   for these programs unless these startup delays can be tolerated in
>   your network environment.
> --
>  Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
>  Taygeta Scientific Inc.        INTERNET: skip at ...1552...
>  1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
>  Monterey, CA. 93940
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list