LinuxQuestions.org
Old 07-14-2004, 12:07 PM   #1
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Rep: Reputation: 30
updating the change of /etc/hosts.deny in AIX 4.3.3


I have recently changed the contents of /etc/hosts.deny. In Linux I would use: killall -HUP xinetd to refresh this change to the system (that is, without rebooting it).

How would I do this in AIX? refresh -s inetd doesn't seem to be working.

thanks

zepp
 
Old 07-14-2004, 12:54 PM   #2
zorba4
Member
 
Registered: Feb 2004
Location: Paris
Posts: 398

Rep: Reputation: 31
ps -aef |grep inet
kill -1 XXXXX
 
Old 07-14-2004, 01:01 PM   #3
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
I didn't think you had to refresh anything; are you sure the syntax and permissions of the files (accept & deny) are correct?
 
Old 07-15-2004, 08:16 PM   #4
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
here is the format of my /etc/hosts.deny file on the RS/6000 box:

ALL: ALL


Simple as that. Not sure why, even when an "outside" host is trying to access it, it allows things through. Any thoughts on logs to check for entries?

zepp
 
Old 07-16-2004, 03:36 AM   #5
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
Could you post the /etc/inetd.conf line for the service using TCP Wrappers - maybe that's not right.

If the connections are using SSH, is SSH compiled to use TCP Wrappers?
 
Old 07-17-2004, 08:57 PM   #6
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
I see what you're saying... TCP wrappers may not even be employed on ssh. Right. Hmm...

When I type: ssh -V I get:

ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on rs6000-ibm-aix4.3.3.0

There is no entry in /etc/inetd.conf for ssh. How would I do a quick check to see if tcp wrappers is enabled for this version of ssh on the rs6000 box?

Thanks for being helpful/patient with me...

UPDATE:

I checked in the ssh compilation directory and, within the file sshconf.h, found a few interesting lines:

/* Define this to include libwrap (tcp_wrappers) support. */
/* #undef LIBWRAP */
/* #undef HAVE_LIBWRAP */


The comment lines have blocked the wrapping support, I guess... right?

Would I uncomment the bottom two lines and put "def" instead of "undef"?

Thanks...

Last edited by zepplin611; 07-17-2004 at 09:00 PM.
 
Old 07-18-2004, 11:16 AM   #7
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
For that version of SSH, I'm not sure. I do use it, but I get a pre-compiled binary from ssh.com and I haven't checked whether that supports tcp wrappers.

I can remember hitting this issue with the version of SSH from F-Secure. In that case, there was a flag on the configure command for tcp wrappers (something like configure --with-tcp-wrappers) so it might be worth checking out the configure options.

You're right that SSH is never started from inetd.conf; it's an unusual app in that tcp wrapper support does have to be compiled in; I'm not aware of any way to actually wrapper it as can be done with things called from inetd.
 
Old 07-18-2004, 02:31 PM   #8
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
I was able to track down a FAQ on this version of ssh...

Q: How do I setup sshd2 to support tcp-wrappers?

A: First, ./configure --with-libwrap and whatever flags you need. Make
sure that configure finds your libwrap.a and tcpd.h files. Recompile.
(Note that if you don't have your tcp-wrappers in a standard place,
you can give the path as argument to configure;
--with-libwrap=/path/to/libwrap/)

After this you can edit your /etc/hosts.allow and /etc/hosts.deny
files. These "daemon" strings are in use by sshd2:

sshd, sshd2 (The name sshd2 was called with (usually "sshd"))
sshdfwd-X11 (if you want to allow/deny X11-forwarding)
sshdfwd-<port-number> (for tcp-forwarding)
sshdfwd-<port-name> (port-name defined in /etc/services. Used in
tcp-forwarding.)
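
The two checks this thread circles around (is an inetd service actually started through tcpd, and does a standalone daemon such as sshd2 carry libwrap), as an added example that is not part of any post above. The function names, the sample inetd.conf and the fake binaries are constructed, and the string match is a heuristic, not proof of libwrap support.

```shell
#!/bin/sh
# Added example: hosts.deny only applies to services that go through tcpd
# or are built with libwrap. All sample data below is constructed.

# inetd_wrap_status FILE: print "<service> wrapped|unwrapped|internal" for
# each active inetd.conf entry (field 6 is the server program).
inetd_wrap_status() {
  awk '$1 !~ /^#/ && NF >= 6 {
         s = "unwrapped"
         if ($6 == "internal") s = "internal"
         else if ($6 ~ /(^|\/)tcpd$/) s = "wrapped"
         print $1, s
       }' "$1"
}

# has_libwrap BINARY: heuristic. Succeeds if the file contains strings that
# libwrap leaves behind (library name, entry points, or its table paths).
has_libwrap() {
  LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
    grep -E 'libwrap|hosts_access|hosts_ctl|/etc/hosts\.(allow|deny)' >/dev/null
}

libwrap_report() {
  if has_libwrap "$1"; then echo "libwrap"; else echo "no-libwrap"; fi
}

# make_samples DIR: constructed inetd.conf and two fake "binaries".
make_samples() {
  cat > "$1/inetd.conf" <<'EOF'
# constructed sample, not taken from the thread
ftp     stream tcp nowait root /usr/sbin/tcpd    ftpd
telnet  stream tcp nowait root /usr/sbin/telnetd telnetd -a
daytime stream tcp nowait root internal
EOF
  printf '\000\001sshd2\000hosts_access\000/etc/hosts.deny\000' > "$1/sshd_wrapped"
  printf '\000\001sshd2\000no wrapper code here\000' > "$1/sshd_plain"
}

# Real use (paths are assumptions): sh thisfile /etc/inetd.conf /path/to/sshd2
if [ "$#" -eq 2 ]; then
  inetd_wrap_status "$1"
  libwrap_report "$2"
fi
```

A "no-libwrap" result for the sshd2 binary means an ALL: ALL entry in /etc/hosts.deny will not be consulted for SSH connections until the daemon is rebuilt with the configure flag quoted in the FAQ.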
 
  

