From: Brent Bailey (mrb@bmyster.com)
Date: Mon Sep 22 2003 - 16:31:23 EDT
IM trying to install tcp wrappers on 5.7 solaris...and it doesnt appear to
be working. i followed this howto: the compiling seemed to go well no
error..ive copied the tcpd binary to /usr/sbin and edited /etc/inetd.conf
and restarted inetd. still not working ... no logging on /var/log/syslog
or messages ...however i did hapen to notice in the logs
Sep 22 16:10:46 core2 inetd[29419]: ISTATE not in environment
im not sure what this means ..but its definatly related to inetd.
anyone have any ideas ?? Any and all help is very appreciated.
##################################################
Installing TCP Wrappers
1. Download the source code:
The source of TCP Wrappers is available from
ftp://ftp.cerias.purdue.edu/pub/tools/unix/netutils/tcp_wrappers/. At the
time of writing, the latest version is V7.6 and the source code is
provided as a compressed tar archive in the file tcp_wrappers_7.6.tar.gz.
This version is suitable for Solaris 7 and earlier but not for Solaris 8.
Solaris 8 contains support for IPv6 and the standard TCP wrappers program
is not yet compatible with the IPv6 implementation in Solaris 8. However,
Casper Dik, a Network Security Engineer with Sun Microsystems, has
modified the standard version 7.6 to make it compatible with Solaris 8 and
has kindly made his modified version available at
ftp://playground.sun.com/pub/casper in the file
tcp_wrappers_7.6-ipv6.tar.gz.
Download the appropriate version to a temporary directory, such as /tmp.
2. Prepare the source code for compilation:
In Solaris 7:
Make a directory at a convenient point in the file system to hold the
source code and copy the source into this directory. For example:
# mkdir -p /opt/source/TCPwrappers
# cd /opt/source/TCPwrappers
# cp /tmp/tcp_wrappers_7.6.tar.gz .
Unzip and untar the source and then change to the directory created by tar:
# gunzip tcp*
# tar xvf tcp*
# cd tcp_wrappers_7.6
In Solaris 8:
Make a directory at a convenient point in the file system to hold the
source code and copy the source into this directory. For example:
# mkdir -p /opt/source/TCPwrappers
# cd /opt/source/TCPwrappers
# cp /tmp/tcp_wrappers_7.6-ipv6.tar.gz .
Unzip and untar the source and then change to the directory created by tar:
# gunzip tcp*
# tar xvf tcp*
# cd tcp_wrappers_7.6-ipv6
At this point, you may like to have a look at the README file which
contains a list of features, a tutorial and installation instructions.
3. Compile the source code:
First, you need to edit the Makefile in the tcp_wrappers_7.6 directory
(Solaris 7) or in the tcp_wrappers_7.6-ipv6 directory (Solaris 8) to tell
it where it find most of the daemons started by inetd. Unless you've
purchased Sun's expensive C compiler, you also need to tell the
compilation process to use the gcc compiler instead. Edit Makefile and
look for the two lines:
# SysV.4 Solaris 2.x OSF AIX
#REAL_DAEMON_DIR=/usr/sbin
and remove the comment (#) sign from the seond of these two lines, so that
it reads:
REAL_DAEMON_DIR=/usr/sbin
Then look for the lines:
# SunOS 5.x is another SYSV4 variant.
sunos5:
@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \
NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" all
and change the fourth of these lines to read:
LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv CC=gcc VSYSLOG= \
If you're installing Casper Dik's version on Solaris 8, also look for the
lines:
###############################################################
# System dependencies: whether or not your system has IPV6
#
# If your system has IPv6 and supports getipnode* and inet_pton/inet_ntop
# comment out the following (Solaris 8)
#IPV6 = -DHAVE_IPV6
and remove the comment (#) sign from the last of these lines, so that it
reads:
IPV6 = -DHAVE_IPV6
Finally, compile the source code:
# make sunos5
4. Install TCP Wrappers:
Installing TCP Wrappers is a manual process. There are several programs
compiled by the "make" process and the main one is tcpd. The others are
described in the README file but won't be covered further here.
Copy the tcpd program into the /usr/sbin directory:
# cp tcpd /usr/sbin
and edit inetd's configuration file, /etc/inetd.conf, to use the new tcpd
program. First, save the original file:
# cd /etc
# cp inetd.conf inetd.conf.original
Then edit /etc/inetd.conf, making the following changes:
Each non-commented line in this file consists of a service name, several
attributes of the service and, in the sixth field of the line, the name of
the program which inetd should start to process an incoming request for
the service. Where this program name is of the form "/usr/sbin/some
program name", change it to read "/usr/sbin/tcpd". For example, the line
which reads:
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
in Solaris 7 should be changed so that it reads:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
Note that the protocol field, "tcp", appears in some of these entries on
Solaris 8 as "tcp6". This is part of the IPv6 support in Solaris 8.
Make this change in the lines which start ftp, telnet, name, shell, login,
exec, comsat, talk, uucp, #tftp, finger, #systat, #netstat and kerbd.
That takes care of most of the inetd services but there are some where the
program to be started by inetd lives somewhere other than in /usr/sbin.
For these lines in the file, insert the absolute path-name as the
parameter to /usr/sbin/tcpd. For example, the line which reads:
rusersd/2-3 tli rpc/datagram_v,circuit_v wait root
/usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
should be changed so that it reads:
rusersd/2-3 tli rpc/datagram_v,circuit_v wait root
/usr/sbin/tcpd /usr/lib/netsvc/rusers/rpc.rusersd
Make this change in the lines which start rusersd, sprayd, walld, rstatd
and printer.
Tell inetd that its configuration file has changed:
# pkill -HUP inetd
and that completes the installation of TCP Wrappers.
-- Brent Bailey CCNA Bmyster LLC Computer Networking and Webhosting Network Engineer, Webmaster, President http://www.bmyster.com mrb@bmyster.com 207-247-8330 _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:09 EDT