Part 1 – Configuration of tcp-wrappers
There might be a firewall running on your computer. Stop the firewall as follows to avoid complications.
service iptables stop
Work with one of your colleagues. Ask him/her to create a username for you on his/her machine. Find out the IP address of his/her machine.
Explain how you can find out the IP address of your machine using a command-line command?
Attempt to logon remotely to your username on your colleague’s machine using a command of the following form.
ssh your-username@ip-address
What happens? Explain the information presented on screen.
Exit and configure tcp-wrappers to prevent access.
The files that are used to configure tcp-wrappers are the following.
/etc/hosts.allow
/etc/hosts.deny
Only the root user can modify these files.
You should restore these files to their original states at the end of your session. Create some backup copies in the usual way.
cd /etc
cp hosts.allow hosts.allow.BACKUP
cp hosts.deny hosts.deny.BACKUP
First establish the default policy in tcp-wrappers of denying all access (colloquially, “deny everything to everybody”).
Edit /etc/hosts.deny with your preferred text editor so that it contains the following line.
ALL: ALL
To what does the first occurrence of ALL refer?
To what does the second occurrence of ALL refer?
Note that, of course, tcp-wrappers will provide access control only to those network applications that are using it.
Now ensure that your colleague has edited hosts.deny as above.
Attempt to logon remotely to your username on your colleague’s machine again using the same command as before.
What happens?
To restrict access to only specific services from trusted hosts your colleague must edit his/her hosts.allow file to give ssh access from your IP address. Similarly, you must edit your hosts.allow file to give your colleague ssh access from his/her IP address.
Again, attempt to logon remotely with ssh to your username on your colleague’s machine.
What happens?
Provide evidence of success in gaining access and carefully explain this evidence. As always, make notes of everything you do – commands, what fails, what succeeds, explanations, answers to questions, etc.
Remember to restore hosts.allow and hosts.deny to their original states from the backup copies.
Part 2 – A little problem
Solve the following problem by thought, analysis, creativity, etc. – do not use Google.
Determine whether the tcp-wrappers library libwrap is compiled into the following applications in the Linux Lab.
- sshd.
- xinetd.
- sendmail.
- mysqld_safe*
*mysqld_safe is used on MySQL servers, as such you will need to convert your Virtual Fedora unit into a MySQL server. MySQL 5.0 + has recently been replaced with MariaDB, which functions exactly as MySQL ( its actually a little more streamlined) and is being developed is now as an alternative to MySQL which has recently been purchased by Oracle.
To install mariadb server tools, in a terminal window type ;
yum install mariadb-server
and reply ‘y’ when prompted.
To start the MySQL server ;
mysqld_safe &
Press ENTER a second time to return to the prompt, since the services is now running in the background.
The commands strings and grep should be used. What do they do?
There could be more than one way to solve this problem so investigate the alternatives next. Also further investigate any without wrappers and determine why.
Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.
[order_calculator]