[sclug] Hosts.deny for NFS deny on Redhat Ent 4 update 4
Matt Dainty
matt at bodgit-n-scarper.com
Wed Apr 18 14:07:52 UTC 2007
* Alex Butcher <lug at assursys.co.uk> [2007-04-18 14:56:27]:
>
> 2) Check whether all NFS-related services have been linked against
> TCP_WRAPPERS;
>
> # strings /sbin/portmap | grep -i hosts
> [...]
> /etc/hosts.allow
> /etc/hosts.deny
>
> should be a good enough test, I reckon.
You could also be linked against libwrap.
> 3) Check I'm not using a kernelspace NFS server. I'd guess that would ignore
> the TCP_WRAPPERS config files.
I think it's probably rpc.mountd that's the important bit here. That
appears to be what validates the mount requests.
On CentOS 4.4 here, rpc.mountd is linked against libwrap, portmap isn't.
Matt
--
"I never deal with the common man. The common man has no spirituality.
The common man thinks that Ganesha is Dennis the Menace's dog."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.sclug.org.uk/pipermail/sclug/attachments/20070418/9c8d5f0f/attachment.bin
More information about the Sclug
mailing list