TCP wrappers not logging?
I recently opened up my SSH server to the world (so I can log in from outside my home network to my server). Did some reading up, found out TCP wrappers acts as an intermediary to decide whether or not a request for a given application gets acknowledged.
SSH logs authentication attempts to /var/log/auth.log. So far, so good. I tried logging in from work, got bounced. Found the entries in that file.
Today, I tried to log in again, got bounced (again), however, no sign of it in auth.log. I wanted to check what TCP wrappers had to tell me about this, only to find out it (tcpd) does not seem to log anywhere? /etc/syslog-ng.conf has no tcpd entries.
Since the contents of syslog-ng.conf look a bit complicated, can someone enlighten me on how to add tcpd logging facilities to it, and also tell why is it not enabled by default?
The tcpd manual refers to the system logging utility for further info on its logs, and since it has no own config file, there doesn't seem to be a way to set up tcpd independently to log its activities somewhere.
B wrote: The thing is: I see the sshd entry in auth.log, which means tcp_wrappers allowed the connection to pass through (if not it should have never reached sshd, right?).
No. Sshd checks hosts.* rules by itself (via libwrap functions), and tcpd is never run. So, it is sshd which logs the connection, successful or not. See, there's an excerpt from auth.log; the connection was refused because of hosts.* settings:
Jun 13 21:42:06 kreml sshd[19994]: refused connect from 87.207.23.75
B wrote: Last night there weren't even any entries in auth.log, so that's why I'd like to have tcp_wrappers logging the attempts it bounces (if possible).
Maybe the connection wasn't refused by wrapper (leaving alone how called), but by some other means? Anyway, you won't find tcpd entries in logs nor syslogd configuration, it is rarely used nowadays, in favor of direct linking with libwrap.
Of course, I'm talking about Arch defaults here, you can arrange your config to make use of tcpd.
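One way to pull these libwrap refusals out of auth.log and keep them apart from ordinary authentication failures (an added example, not from the thread; the first sample line is the one quoted above, the others are constructed, and the parenthesised-address form of the message is an assumption about some libwrap builds):

```python
import re
from collections import Counter

# First line is the entry quoted in the answer above; the remaining lines are
# constructed samples that use documentation address ranges.
SAMPLE_AUTH_LOG = """\
Jun 13 21:42:06 kreml sshd[19994]: refused connect from 87.207.23.75
Jun 13 21:50:11 kreml sshd[20011]: Failed password for invalid user test from 203.0.113.9 port 40022 ssh2
Jun 13 21:51:40 kreml sshd[20020]: refused connect from host.example.net (198.51.100.4)
Jun 13 21:52:02 kreml sshd[20031]: Accepted publickey for b from 192.0.2.10 port 51514 ssh2
Jun 13 21:53:17 kreml in.tftpd[20040]: refused connect from 198.51.100.4
"""

# Classic BSD syslog layout: "Mon DD HH:MM:SS host daemon[pid]: message".
SYSLOG_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<daemon>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s"
    r"(?P<msg>.*)$"
)
# Message written under the daemon's own name when hosts.* rules reject a client.
# Assumption: some builds append the numeric address in parentheses.
REFUSED = re.compile(
    r"^refused connect from (?P<client>\S+)(?:\s\((?P<addr>[^)]+)\))?\s*$"
)
# sshd authentication failure, i.e. the connection got past the wrapper check.
AUTH_FAIL = re.compile(r"^Failed \S+ for (?:invalid user )?\S+ from (?P<addr>\S+)")


def classify(log_text):
    """Return (daemon, source, kind) for wrapper refusals and auth failures."""
    events = []
    for raw in log_text.splitlines():
        line = SYSLOG_LINE.match(raw)
        if not line:
            continue
        daemon, msg = line.group("daemon"), line.group("msg")
        refused = REFUSED.match(msg)
        if refused:
            source = refused.group("addr") or refused.group("client")
            events.append((daemon, source, "wrapper_refused"))
            continue
        failed = AUTH_FAIL.match(msg)
        if failed:
            events.append((daemon, failed.group("addr"), "auth_failed"))
    return events


def refusals_by_source(log_text):
    """Count hosts.* refusals per (daemon, source address)."""
    return Counter(
        (daemon, source)
        for daemon, source, kind in classify(log_text)
        if kind == "wrapper_refused"
    )


def seen_in_log(log_text, addr):
    """Kinds of events logged for addr; an empty set means no daemon logged it."""
    return {kind for _, source, kind in classify(log_text) if source == addr}


if __name__ == "__main__":
    for (daemon, source), count in sorted(refusals_by_source(SAMPLE_AUTH_LOG).items()):
        print(f"{daemon:10s} {source:16s} refused x{count}")
```

An empty result from `seen_in_log` for an address that was bounced matches the case raised in the answer: the connection was stopped by something other than the wrapper check, before any daemon could log it.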
Similar Messages
-
I want to block all traffic except those rules listed in /etc/hosts.allow.
And I don't want nfs clients from anywhere to connect to my server.
But for some reason both of my configuration files are totally ignored by arch:
/etc/hosts.allow
/etc/hosts.deny
# /etc/hosts.allow
sshd: ALL
nfsd : 192.168.10.
portmap: ALL
mountd: ALL
httpd: ALL
mysqld: ALL : ALLOW
tor: ALL
# End of file
# /etc/hosts.deny
ALL: ALL: DENY
# End of file
Last edited by yassin (2008-04-10 20:43:45)
#archlinux @ Freenode
[20:23] < yassin> http://bbs.archlinux.org/viewtopic.php?id=46907
[20:23] < yassin> any suggestions?
[20:26] < tomkx> yassin - yes. For those who can't/won't click your link, ask an intelligent question that
summarises your problem as briefly as possible, but with enough detail to enable anyone who's
interested to answer you without asking for more information
[20:26] < yassin> ok
[20:26] < yassin> my TCP wrappers isn't working, /ets/hosts.deny & /etc/hosts.allow are totally ignored
[20:29] < yassin> tomkx: well the problem is everyone can connect to every port
[20:29] < yassin> like as if TCP wrappers wouldn't be running
[20:30] < yassin> tomkx: for example I have in hosts.allow - nfsd : 192.168.10.
[20:31] < yassin> and in hosts.deny - ALL: ALL: DENY
[17:32] < yassin> tomkx: any ideas?
[17:35] < tomkx> yassin - I was expecting something like "but nfs clients from anywhere can connect to my
server". In other words, you haven't actually described a specific problem yet (and that includes
your forum post)
[17:36] < yassin> tomkx: good point there
[17:36] < yassin> well yes, that is pretty much the problem
[17:39] < yassin> tomkx: I updated the post now
[17:42] < yassin> tomkx: that's not really the problem if we are specific, since I've got the right
configurations, the problem is they are being ignored by arch
[17:43] < yassin> tomkx: so I'd say my problem description was correct: "TCP Wrappers not working"
Last edited by yassin (2008-04-10 20:50:57) -
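How the two files from the post above evaluate when a daemon does consult libwrap, as an added example that is not part of the thread. It implements only a subset of hosts_access(5): the ALL wildcard, address prefixes ending in ".", exact matches, and a trailing ALLOW or DENY option; host names, EXCEPT, netmasks and IPv6 are left out.

```python
# Rules copied from the post above.
HOSTS_ALLOW = """\
sshd: ALL
nfsd : 192.168.10.
portmap: ALL
mountd: ALL
httpd: ALL
mysqld: ALL : ALLOW
tor: ALL
"""
HOSTS_DENY = "ALL: ALL: DENY\n"


def parse_rules(text):
    """Return [(daemons, clients, option)], option being 'ALLOW', 'DENY' or None."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # Splitting on ':' is enough for this subset (no IPv6 literals).
        fields = [field.strip() for field in line.split(":")]
        if len(fields) < 2:
            continue  # malformed rule, skipped here
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        option = None
        for extra in fields[2:]:
            if extra.upper() in ("ALLOW", "DENY"):
                option = extra.upper()
        rules.append((daemons, clients, option))
    return rules


def daemon_matches(pattern, daemon):
    return pattern.upper() == "ALL" or pattern == daemon


def client_matches(pattern, addr):
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):
        # "192.168.10." matches 192.168.10.7 but not 192.168.100.7
        return addr.startswith(pattern)
    return pattern == addr


def first_match(rules, daemon, addr):
    """First rule whose daemon list and client list both match, else None."""
    for daemons, clients, option in rules:
        if any(daemon_matches(d, daemon) for d in daemons) and any(
            client_matches(c, addr) for c in clients
        ):
            return daemons, clients, option
    return None


def evaluate(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Search order: hosts.allow, then hosts.deny, otherwise access is granted."""
    hit = first_match(parse_rules(allow_text), daemon, addr)
    if hit:
        return "deny" if hit[2] == "DENY" else "allow"
    hit = first_match(parse_rules(deny_text), daemon, addr)
    if hit:
        return "allow" if hit[2] == "ALLOW" else "deny"
    return "allow"


if __name__ == "__main__":
    # Constructed probes: (daemon process name, client address).
    probes = [
        ("sshd", "87.207.23.75"),
        ("nfsd", "192.168.10.7"),
        ("nfsd", "192.168.100.7"),
        ("in.tftpd", "87.207.23.75"),
    ]
    for daemon, addr in probes:
        print(f"{daemon:10s} {addr:16s} {evaluate(daemon, addr)}")
```

A connection that this evaluation denies but that still succeeds on the real host points at a service that never consults these files, which is a separate question from whether the rules are written correctly.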
TCP wrappers not supported in sshd?
It seems that support for tcp wrappers is not compiled into the sshd service for Mountain Lion. sshd ignores the contents of the "/etc/hosts.deny" file, that for example "denyhosts" produces. Why is this do you think, and is there some workaround? Seems like tcp wrappers have been supported forever, before Mountain Lion.
I consider this a really cheesy and hopefully very temporary workaround. It may not be recommended, use at your own risk, your universe may collapse into a black hole, etc., etc. But it worked.
If you still have a 10.7 install on another volume, you can copy the old sshd binary and missing libwrap library file to your 10.8 boot disk and run it. Quick and dirty run down (this is not detailed for those not versed in command line):
Pre) Make sure you stop the default sshd daemon via the sharing control panel. (Uncheck "Remote login".) Otherwise you will have a conflict on port 22 when you try to start the old.
1) Mount the 10.7 volume. For my example I'll call mine "Mac 10.7 HD"
2) sudo cp /Volumes/"Mac 10.7 HD"/usr/lib/libwrap.7.dylib /usr/lib/.
3) sudo cp /Volumes/"Mac 10.7 HD"/usr/sbin/sshd /usr/sbin/sshd2 (or "sshd-old" or whatever you like, just don't overwrite the existing sshd or you won't be able to revert later.)
4) sudo /usr/sbin/sshd2 (start the daemon)
Note you can't use the sharing control panel to control this version and if you wanted it start between reboots you would have to create a separate launchctl script for it.
Linc, another good lead, thanks. I probably should be spending my time looking around for alternatives than hacking away at my install. -
ORA-16191: Primary log shipping client not logged on standby.
Hi,
Please help me in the following scenario. I have two nodes ASM1 & ASM2 with RHEL4 U5 OS. On node ASM1 there is database ORCL using ASM diskgroups DATA & RECOVER and archive location is on '+RECOVER/orcl/'. On ASM2 node, I have to configure STDBYORCL (standby) database using ASM. I have taken the copy of database ORCL via RMAN, as per maximum availability architecture.
Then I have ftp'd all to ASM2 and put them on FS /u01/oradata. Have made all necessary changes in primary and standby database pfile and then perform the duplicate database for standby using RMAN in order to put the db files in desired diskgroups. I have mounted the standby database but unfortunately, log transport service is not working and archives are not getting shipped to standby host.
Here are all configuration details.
Primary database ORCL pfile:
[oracle@asm dbs]$ more initorcl.ora
stdbyorcl.__db_cache_size=251658240
orcl.__db_cache_size=226492416
stdbyorcl.__java_pool_size=4194304
orcl.__java_pool_size=4194304
stdbyorcl.__large_pool_size=4194304
orcl.__large_pool_size=4194304
stdbyorcl.__shared_pool_size=100663296
orcl.__shared_pool_size=125829120
stdbyorcl.__streams_pool_size=0
orcl.__streams_pool_size=0
*.audit_file_dest='/opt/oracle/admin/orcl/adump'
*.background_dump_dest='/opt/oracle/admin/orcl/bdump'
*.compatible='10.2.0.1.0'
*.control_files='+DATA/orcl/controlfile/current.270.665007729','+RECOVER/orcl/controlfile/current.262.665007731'
*.core_dump_dest='/opt/oracle/admin/orcl/cdump'
*.db_block_size=8192
*.db_create_file_dest='+DATA'
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_name='orcl'
*.db_recovery_file_dest='+RECOVER'
*.db_recovery_file_dest_size=3163553792
*.db_unique_name=orcl
*.fal_client=orcl
*.fal_server=stdbyorcl
*.instance_name='orcl'
*.job_queue_processes=10
*.log_archive_config='dg_config=(orcl,stdbyorcl)'
*.log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST'
*.log_archive_dest_2='SERVICE=stdbyorcl'
*.log_archive_dest_state_1='ENABLE'
*.log_archive_dest_state_2='ENABLE'
*.log_archive_format='%t_%s_%r.dbf'
*.open_cursors=300
*.pga_aggregate_target=121634816
*.processes=150
*.remote_login_passwordfile='EXCLUSIVE'
*.sga_target=364904448
*.standby_file_management='AUTO'
*.undo_management='AUTO'
*.undo_tablespace='UNDOTBS'
*.user_dump_dest='/opt/oracle/admin/orcl/udump'
Standby database STDBYORCL pfile:
[oracle@asm2 dbs]$ more initstdbyorcl.ora
stdbyorcl.__db_cache_size=251658240
stdbyorcl.__java_pool_size=4194304
stdbyorcl.__large_pool_size=4194304
stdbyorcl.__shared_pool_size=100663296
stdbyorcl.__streams_pool_size=0
*.audit_file_dest='/opt/oracle/admin/stdbyorcl/adump'
*.background_dump_dest='/opt/oracle/admin/stdbyorcl/bdump'
*.compatible='10.2.0.1.0'
*.control_files='u01/oradata/stdbyorcl_control01.ctl'#Restore Controlfile
*.core_dump_dest='/opt/oracle/admin/stdbyorcl/cdump'
*.db_block_size=8192
*.db_create_file_dest='/u01/oradata'
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_name='orcl'
*.db_recovery_file_dest='+RECOVER'
*.db_recovery_file_dest_size=3163553792
*.db_unique_name=stdbyorcl
*.fal_client=stdbyorcl
*.fal_server=orcl
*.instance_name='stdbyorcl'
*.job_queue_processes=10
*.log_archive_config='dg_config=(orcl,stdbyorcl)'
*.log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST'
*.log_archive_dest_2='SERVICE=orcl'
*.log_archive_dest_state_1='ENABLE'
*.log_archive_dest_state_2='ENABLE'
*.log_archive_format='%t_%s_%r.dbf'
*.log_archive_start=TRUE
*.open_cursors=300
*.pga_aggregate_target=121634816
*.processes=150
*.remote_login_passwordfile='EXCLUSIVE'
*.sga_target=364904448
*.standby_archive_dest='LOCATION=USE_DB_RECOVERY_FILE_DEST'
*.standby_file_management='AUTO'
*.undo_management='AUTO'
*.undo_tablespace='UNDOTBS'
*.user_dump_dest='/opt/oracle/admin/stdbyorcl/udump'
db_file_name_convert=('+DATA/ORCL/DATAFILE','/u01/oradata','+RECOVER/ORCL/DATAFILE','/u01/oradata')
log_file_name_convert=('+DATA/ORCL/ONLINELOG','/u01/oradata','+RECOVER/ORCL/ONLINELOG','/u01/oradata')
Have configured the tns service on both the hosts and its working absolutely fine.
ASM1
=====
[oracle@asm dbs]$ tnsping stdbyorcl
TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 19-SEP-2008 18:49:00
Copyright (c) 1997, 2005, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.20)(PORT = 1521))) (CONNECT_DATA = (SID = stdbyorcl) (SERVER = DEDICATED)))
OK (30 msec)
ASM2
=====
[oracle@asm2 archive]$ tnsping orcl
TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 19-SEP-2008 18:48:39
Copyright (c) 1997, 2005, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.20.10)(PORT = 1521))) (CONNECT_DATA = (SID = orcl) (SERVER = DEDICATED)))
OK (30 msec)
Please guide where I am missing. Thanking you in anticipation.
Regards,
Ravish Garg
Following are the errors I am receiving as per alert log.
ORCL alert log:
Thu Sep 25 17:49:14 2008
ARCH: Possible network disconnect with primary database
Thu Sep 25 17:49:14 2008
Error 1031 received logging on to the standby
Thu Sep 25 17:49:14 2008
Errors in file /opt/oracle/admin/orcl/bdump/orcl_arc1_4825.trc:
ORA-01031: insufficient privileges
FAL[server, ARC1]: Error 1031 creating remote archivelog file 'STDBYORCL'
FAL[server, ARC1]: FAL archive failed, see trace file.
Thu Sep 25 17:49:14 2008
Errors in file /opt/oracle/admin/orcl/bdump/orcl_arc1_4825.trc:
ORA-16055: FAL request rejected
ARCH: FAL archive failed. Archiver continuing
Thu Sep 25 17:49:14 2008
ORACLE Instance orcl - Archival Error. Archiver continuing.
Thu Sep 25 17:49:44 2008
FAL[server]: Fail to queue the whole FAL gap
GAP - thread 1 sequence 40-40
DBID 1192788465 branch 665007733
Thu Sep 25 17:49:46 2008
Thread 1 advanced to log sequence 48
Current log# 2 seq# 48 mem# 0: +DATA/orcl/onlinelog/group_2.272.665007735
Current log# 2 seq# 48 mem# 1: +RECOVER/orcl/onlinelog/group_2.264.665007737
Thu Sep 25 17:55:43 2008
Shutting down archive processes
Thu Sep 25 17:55:48 2008
ARCH shutting down
ARC2: Archival stopped
STDBYORCL alert log:
==============
Thu Sep 25 17:49:27 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-01017: invalid username/password; logon denied
Thu Sep 25 17:49:27 2008
Error 1017 received logging on to the standby
Check that the primary and standby are using a password file
and remote_login_passwordfile is set to SHARED or EXCLUSIVE,
and that the SYS password is same in the password files.
returning error ORA-16191
It may be necessary to define the DB_ALLOWED_LOGON_VERSION
initialization parameter to the value "10". Check the
manual for information on this initialization parameter.
Thu Sep 25 17:49:27 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-16191: Primary log shipping client not logged on standby
PING[ARC0]: Heartbeat failed to connect to standby 'orcl'. Error is 16191.
Thu Sep 25 17:51:38 2008
FAL[client]: Failed to request gap sequence
GAP - thread 1 sequence 40-40
DBID 1192788465 branch 665007733
FAL[client]: All defined FAL servers have been attempted.
Check that the CONTROL_FILE_RECORD_KEEP_TIME initialization
parameter is defined to a value that is sufficiently large
enough to maintain adequate log switch information to resolve
archivelog gaps.
Thu Sep 25 17:55:16 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-01017: invalid username/password; logon denied
Thu Sep 25 17:55:16 2008
Error 1017 received logging on to the standby
Check that the primary and standby are using a password file
and remote_login_passwordfile is set to SHARED or EXCLUSIVE,
and that the SYS password is same in the password files.
returning error ORA-16191
It may be necessary to define the DB_ALLOWED_LOGON_VERSION
initialization parameter to the value "10". Check the
manual for information on this initialization parameter.
Thu Sep 25 17:55:16 2008
Errors in file /opt/oracle/admin/stdbyorcl/bdump/stdbyorcl_arc0_4813.trc:
ORA-16191: Primary log shipping client not logged on standby
PING[ARC0]: Heartbeat failed to connect to standby 'orcl'. Error is 16191.
Please suggest where I am missing.
Regards,
Ravish Garg -
How to enable TCP Wrappers with SMF services?
I am using a site.xml file to enable/disable services during a Jumpstart configuration. This works great.
However, I can't yet figure out how to configure the various properties of those services, such as enabling TCP Wrappers for a service. I can set the properties of a service and verify that they are set, but a "svccfg extract" does not capture that information.
Is this a short coming of svccfg extract? Or are the properties of a service stored and configured elsewhere?
That will work, as will any path underneath /var/svc/manifest.
Got it working... Exported the inetd configuration, set tcp_wrappers to false, dropped inetd.xml into my jumpstart tree, jumped a box, and tcp_wrappers came up enabled by default for my inetd services!
What is the difference between the /var/svcs/profile and /var/svcs manifest directory? Is profile for enabling/disabling services and manifest for service configuration?
Does /var/svcs/profile/site.xml and /var/svcs/manifest/whatever.xml get read on every system boot? If not, what is the appropriate procedure to "reinitialize" smf if you want to change the existing behaviour by having it reread those files?
Hmm. The defaults get written on the inetd service I believe, so exporting that would give you the fragment you want.
It did, and I was able to accomplish what I needed to do.
Sorry that it's such a slog in the meanwhile.
Will there be something before FCS in a couple weeks?
I can definitely see the manageability and robustness of SMF. It's just going to take time to learn it, and documentation is needed for that.
Thanks for all your help! -
Veritas and Solaris 9 builtin tcp wrappers
Does anyone know if the tcp wrappers that is builtin to the
Solaris 9 OS will work on non-Sun products?
We use veritas to backup our servers, each host has a number
of entries in the /etc/inet/inetd.conf file to execute portions of
the veritas backup suite.
Once we enabled tcp-wrappers on Solaris 9 systems
veritas would not run, disabling tcp-wrappers veritas
executes as it did before.
NOTE: we were using Wietsmans' tcp-wrappers self compiled and
executed from a non-standard location but the veritas
services lists in the /etc/inet/inetd.conf file were not wrapped
Comments/suggestions appreciated
John
If ENABLE_TCPWRAPPERS is on in /etc/default/inetd then all tcp connections get wrapped automatically. Even without a specific "tcpd" entry in /etc/inetd.conf...
So you will need to add specific entries for netbackup in /etc/hosts.allow and /etc/hosts.deny to allow the netbackup connections. -
Securing RPC services with TCP Wrappers
Hello All,
I have two node cluster running solaris 10. Since SVM needs few rpc services like metad,metamedd and metamhd, I dont want to disable them. But at the same time, wants to block them from outside world.
But readme page of TCP Wrappers (http://www.sunfreeware.com/README.tcpwrappers) says "The wrappers do not work with RPC services over TCP. These services are registered as rpc/tcp in the inetd configuration file". And other internet sources says same. So my question is this valid still?. Or it is possible to filter RPC services using TCP Wrappers.
When I tested this with following entries in /etc/hosts.allow and /etc/hosts.deny, my two nodes did not give any trouble after couple of reboots. SVM is working fine. So I wonder whether RPC services area really blocked (other than the local host) or not.
Content of /etc/hosts.deny
===========================
rpcbind: ALL : severity debug
rpc.metad: ALL : severity debug
rpc.metamhd: ALL : severity debug
rpc.metamedd: ALL : severity debug
rpc.metacld: ALL : severity debug
Content of /etc/hosts.allow
=======================================
rpcbind: KNOWN : severity debug
rpc.metad: localhost : severity debug
rpc.metamhd: localhost : severity debug
rpc.metamedd: localhost : severity debug
rpc.metacld: localhost : severity debug
Any hints/information regarding this will be really appreciated.
Hello Mark,
Sorry that I missed to thank you in your last post.
If I get it right, The RPC bind program is used to maintain a table of dynamically allocated ports for RPC-based services.
From internet, "The file /etc/rpc contains a list of network services. Typically, when a remote machine wants to connect to one of those services on your machine, it first issues a query to the rpcbind program running on your computer. It knows the name of the services it wants to connect with, but doesn't know what port number to use. Your rpcbind will respond with a port number. The remote host will then attempt a connection to the specified port."
Also, note that blocking rpcbind doesn't block access to the /etc/rpc services altogether. It does block access for those programs which do an rpcinfo query in order to reach those services. So other possible ways also exist to make remote connection without querying. Here lies the problem. I wanted to secure RPC services completely.
Coming to metad, it is true that ldd will result nothing related to libwrap*. But inetadm tells different story
inetadm -l /network/rpc/meta | grep -i wrap
default tcp_wrappers=TRUE
So encapsulating with tcpd should work for metad and other RPC services, I believe.
What is your opinion on this?. -
Get rid of tcp wrappers?
Hi!
I'm not sure this is the right forum, but I'll go with it anyways.
The first thing I noticed when beginning to fill up my newly installed Arch linux with software was that most of the network-related packages were compiled with tcp wrappers (ssh for example, but several others as well).
I really don't like the usage of tcp wrappers. If I want security, I use iptables.
Is there a way to get rid of the entire tcp wrappers thing and still use the packages, or do I have to compile everything on my own?
Regards
/Diddi
Daenyth wrote: Click
In other words, you'd have to recompile the packages. -
I'm unable to wrap the tftpd service on our system. The server is not denying tftp (get) requests from arbitrary Internet hosts, in spite of:
/etc/hosts.deny:
in.tftpd: ALL
TCP wrappers is enabled for tftpd:
# inetadm -l svc:/network/tftp/udp6:default
SCOPE NAME=VALUE
name="tftp"
endpoint_type="dgram"
proto="udp6"
isrpc=FALSE
wait=TRUE
exec="/usr/sbin/in.tftpd -s /tftpboot"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=TRUE
tcp_wrappers=TRUE
TCP wrappers is working properly for other services like sshd. The system is also up-to-date on all Solaris 10 patches.
Any suggestions?
Note sshd has libwrap, and tftpd doesn't:
% ldd /usr/sbin/in.tftpd
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd5.so.1 => /usr/lib/libmd5.so.1
libscf.so.1 => /usr/lib/libscf.so.1
libdoor.so.1 => /usr/lib/libdoor.so.1
libuutil.so.1 => /usr/lib/libuutil.so.1
libm.so.2 => /usr/lib/libm.so.2
/platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V240/lib/libmd5_psr.so.1
% ldd /usr/lib/ssh/sshd
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libz.so.1 => /usr/lib/libz.so.1
libpam.so.1 => /usr/lib/libpam.so.1
libbsm.so.1 => /usr/lib/libbsm.so.1
libwrap.so.1 => /usr/sfw/lib/libwrap.so.1
libcrypto.so.0.9.7 => /usr/sfw/lib/libcrypto.so.0.9.7
libgss.so.1 => /usr/lib/libgss.so.1
libcmd.so.1 => /usr/lib/libcmd.so.1
libcontract.so.1 => /usr/lib/libcontract.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd5.so.1 => /usr/lib/libmd5.so.1
libscf.so.1 => /usr/lib/libscf.so.1
libsecdb.so.1 => /usr/lib/libsecdb.so.1
libnvpair.so.1 => /usr/lib/libnvpair.so.1
libdoor.so.1 => /usr/lib/libdoor.so.1
libuutil.so.1 => /usr/lib/libuutil.so.1
libm.so.2 => /usr/lib/libm.so.2
/platform/SUNW,Sun-Fire-V240/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V240/lib/libmd5_psr.so.1
My suggestion is to use the tcpd program. I don't think it comes with the default install (I can't find it) but it is in the Sun Freeware packages (/usr/sfw/sbin/tcpd) and it's easy to compile on your own. Then old school it into inetd:
tftp dgram udp6 wait root /usr/sfw/sbin/tcpd in.tftpd -s /tftpboot
Then inetconv it. -
Hi,
(Sorry for the [probably] duplicate thread; does anyone know how to search 'as a phrase' with PHPBB so I can find it if this has been mentioned before?)
TCP-wrappers (pacman package tcp_wrappers 7.6-6) does not seem to have IPv6 support. It kept saying "refused connect from 0.0.0.0" and after googling that (which does support phrase searching) everything pointed to it being an IPv6/v4 issue. So, I disabled IPv6 in sshd (the service that was giving me trouble), and sure enough I started getting proper hostnames instead of 0.0.0.0.
Pacman says my tcp_wrappers is up-to-date; is there another package source somewhere from which I can easily get the IPv6 version?
~Felix.
Well, it's not on any of the Arch repos, if that's what you mean. You'd need to get the source tarball and build it yourself. Alternatively, you could post a request for it in the AUR Package Requests forum - someone might do a PKGBUILD for it.
-
Tcp wrappers /etc/hosts.allow format
since most of the services that were originally run from
the /etc/inet/inetd.conf file on pre-Solaris 10 systems
are now run from smf, what are the "in.*" service names
that should be placed in the /etc/hosts.allow file?
also is there a "safe_finger" available for use that can
be used in the /etc/hosts.deny file or should the
"standard" Solaris 10 finger be used?
Thanks
elasticdog wrote: So should our package not have the ListenAddress 0.0.0.0 line uncommented by default? My guess would be that since it listens on all local addresses by default, we're just overwriting that when specifying 0.0.0.0, which isn't valid. That was users don't have to specify their local IP address. Unless I'm wrong, shouldn't this be a bug/feature request for the packager?
This doesn't seem to be a package bug... IMHO, sshd must respect all the settings in hosts.deny and hosts.allow, regardless the IP address it listens on. The behaviour I noticed seems to be much more complicated. Basic settings (daemon name mentioned in hosts.*) worked, as far as I didn't want a "per IP" configuration. For example, including the daemon in hosts.allow really enabled remote connections, but any closer specifications (subdomains, EXCEPT operator...) were ignored. Access was simply granted without further evaluation. Excluding sshd from hosts.allow worked as one would assume. When I specified ListenAddress, everything started to work properly. This is mysterious. There are millions of computers using tcp wrappers and ssh, so it's hard to believe there could be a bug. -
Can not log on after successfull installation - SAP Netweaver Trial JAVA
Hello,
I have successfully downloaded and installed the NW Java trial. (NW_JAVA_700SP14_SR3.rar)
I can see in SAP MMC that all the services was started. At http://vjm:50000 I can see the default page.
Unfortunately I can not log on to any page that need SAP authentication (eg. User management, NW administrator),
but can log to pages which needs just basic browser authentication (eg: Web Service Navigator, UDDI client, System Information).
The portal also does not let me log on (http://vjm:50000/irj ).
When I get the standard SAP NW log on screen, after entering Administrator with the correct master password, simply the log on screen appears again (the password field is cleared). I also tried some incorrect user name / password just to check the difference. In that case I got the correct error message.
I installed the software with VMware, Windows 2003 server, allocated enough disk space and 1.6Gbyte RAM. The installation finished without errors. Prior, I installed the MS loopback too (tried without it too). In SAP MMC everything is green, only have an open alert in J2E 00 -> Services -> Security -> Aggregated Data -> Invalid session count "262 > 200 last reported value above treshold".
I am using the standard internet explorer coming with Win2003 server.
Tried the users: Administrator, SDM, Guest, ADSUSER. I know that the password is correct, because I don't get any error if I use it, just getting the log on screen back ...
Could anyone pls help me how can I log on to the system? Or is there any security trace file or log which could help me solve this problem?
I am desperately trying to install this trial, I completely reinstalled the software 5 times but still can not use it
Laszlo
Hi,
is your problem persisting?
CAVE: If you use a wrong user/pw combination > 3 times the account of the user may be locked!
try j2ee_admin instead of administrator or try adm together with your Masterpassword
Do you have to specify the users pw inside the installation procedure? In "normal" installations this has to be done.
If not the pw's in the documentation of the previous answer may fix your problem.
The sap mmc is irrelevant for user authentication.
Green means your system is running, nothing else.
kind regards
Tom -
Admin can not log in after migration Teaming
Hello,
I did migrate Teaming 1.0.3 (SLES 10 SP2) to Teaming 2.1 (SLES 10 SP 2) on a different server according to information from this web site Novell Documentation
Everything worked with one exception admin account can not log in :(
The rest of the account works, but users are taken from LDAP.
I tried to use the old admin password as well as a new admin password set during installation Teaming 2.1
In catalina.out log I got:
WARN [http-9080-1] [org.kablink.teaming.module.authentication.impl.AuthenticationModuleImpl] - Authentication failure for zone 1: org.springframework.security.BadCredentialsException: Bad credentials; nested exception is org.kablink.teaming.security.authentication.PasswordDoesNotMatchException: Password does not match for user [kablink,admin]
I think that something has gone wrong with the admin account password after the migration but I do not know how to fix it.
I tried to change the password for the admin account directly in the database table but I do not know what hash algorithm is used by Teaming 2.1
Does anyone encountered such a problem?
How can I set a new password for the admin account directly in the MySQL database?
Best regards,
Piotr Szewczuk
Originally Posted by pszewczuk
Hello,
I did migrate Teaming 1.0.3 (SLES 10 SP2) to Teaming 2.1 (SLES 10 SP 2) on a different server according to information from this web site Novell Documentation
Everything worked with one exception admin account can not log in :(
The rest of the account works, but users are taken from LDAP.
I tried to use the old admin password as well as a new admin password set during installation Teaming 2.1
In catalina.out log I got:
WARN [http-9080-1] [org.kablink.teaming.module.authentication.impl.AuthenticationModuleImpl] - Authentication failure for zone 1: org.springframework.security.BadCredentialsException: Bad credentials; nested exception is org.kablink.teaming.security.authentication.PasswordDoesNotMatchException: Password does not match for user [kablink,admin]
I think that something has gone wrong with the admin account password after the migration but I do not know how to fix it.
I tried to change the password for the admin account directly in the database table but I do not know what hash algorithm is used by Teaming 2.1
Does anyone encountered such a problem?
How can I set a new password for the admin account directly in the MySQL database?
Best regards,
Piotr Szewczuk
I **think** that hash is specified in the installer.xml file. Try also to post your question on the kablink forum: Installation, Configuration, Customization -
Can not log in another Blackberry ID in the same BB device
Can not log in another Blackberry ID even though I have already sign out(and wipe out data automatically) previous
Blackberry ID from the same the device.
Please someone kindly assist ASAP.
PS. Do I need to deassociate both via device & email?
kkawin45 wrote:
Can not log in another Blackberry ID even though I have already sign out(and wipe out data automatically) previous
Blackberry ID from the same the device.
Please someone kindly assist ASAP.
PS. Do I need to deassociate both via device & email?
Hello kkawin45
Welcome to BlackBerry Support Forums
You cannot use multiple BlackBerry ID on your BlackBerry 9900 at a same time ! On BlackBerry 7 devices BlackBerry ID is deep integrated with our device . If you want to use a new BlackBerry ID then perform a security wipe , while wiping be sure to Mark everything ( User Installed application , Emails ) but after a full backup .
Refer to this KB Article for help :
KB26694 : How to change the BlackBerry ID on a BlackBerry PlayBook tablet or BlackBerry smartphone
Click " Like " if you want to Thank someone.
If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it. -
Pro*C and not logged in error
Hi,
i tried rewriting the sample1.pc code so i could test it on a
client machine connecting to a DB host.
this is what CONNECT looks like:
EXEC SQL CONNECT :username IDENTIFIED BY :password
AT :hostname USING :dbsid;
then when i run:
[oracle@xonos proc]$ ./sample1
Connected to ORACLE as user: SCOTT
Enter employee number (0 to quit): 7900
ORACLE error--
ORA-01012: not logged on
i can run:
sqlplus scott/tiger@obiwan (obiwan is my DB server name)
it works fine.
any info would be most helpful.
thanks ahead of time,
-- adam
well, i find a Pro*C book and i saw what i was doing wrong.
the "using" is the host name, but i still do not know what "at"
is for, but i got more program working....
Adam (guest) wrote:
: Hi,
: i tried rewriting the sample1.pc code so i could test it on a
: client machine connecting to a DB host.
: this is what CONNECT looks like:
: EXEC SQL CONNECT :username IDENTIFIED BY :password
: AT :hostname USING :dbsid;
: then when i run:
: [oracle@xonos proc]$ ./sample1
: Connected to ORACLE as user: SCOTT
: Enter employee number (0 to quit): 7900
: ORACLE error--
: ORA-01012: not logged on
: i can run:
: sqlplus scott/tiger@obiwan (obiwan is my DB server name)
: it works fine.
: any info would be most helpful.
: thanks ahead of time,
: -- adam