TCP-Wrappers on Solaris 10
One of the nice properties of SMF is that it standardizes the way you configure services. Having to know the location and format of all the config files for all the services has always been difficult. Providing a documented and standard way to configure services is a nice, but quite long-term, objective. Can you imagine a Solaris box without a syslog.conf, vfstab or inetd.conf? (Well, if you want to see one without inetd.conf, just check a S10 box…)
In search of another example of a configuration parameter that was moved from a private config file to the SMF repository, I came across the TCP Wrapper feature.
TCP Wrapper is an old feature that controls remote access to a number of network server daemons based on IP addresses, hostnames, domain names, and so on. The files /etc/hosts.deny and /etc/hosts.allow determine whether the client can access the server daemon.
TCP Wrapper functionality has been integrated in Solaris since release 9 for two main services. SSH has built-in calls to the Wrapper library, so the functionality is always enabled. For inetd-based services, the functionality is disabled by default and must be enabled manually by editing the file /etc/default/inetd.
In Solaris 10, this setting has been moved to the SMF repository, along with most inetd-related business.
# svcprop -p defaults inetd
defaults/tcp_wrappers boolean false
You can now enable the Wrappers for all inetd-based services by issuing the commands:
# svccfg -s inetd setprop defaults/tcp_wrappers=true
# svcadm refresh inetd
# svcprop -p defaults inetd
defaults/tcp_wrappers boolean true
You can also modify the same flag for each individual service, for instance using inetadm:
# inetadm -m telnet tcp_wrappers=false
TCP-Wrappers would then be enabled for all inetd services but telnet.
One last note: two more services have now been made TCP-Wrappers aware: sendmail (always enabled) and rpcbind (configurable using the rpc/bind property ‘config/enable_tcpwrappers’).
Posted on April 19th, 2005 at 10:50 am.
Also have a look at:
http://blogs.sun.com/roller/page/gbrunett/20050406#tcp_wrappers_on_solaris_10