WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: TCP Wrapper (tcp_wrappers.tcz) installed but not /usr/local/bin/tcpd?  (Read 395 times)

Offline sabrina

  • WikiUser
  • *
  • Posts: 4
I'm learning host based firewall by installing `tcp_wrappers.tcz` on Tiny Core Linux (TCL).

Initially, the following files were not there which was expected.

Code: newbielink:javascript:void(0); [nonactive]
    /etc/hosts.allow
    /etc/hosts.deny

BEFORE

Code: newbielink:javascript:void(0); [nonactive]
    tc@linux:/etc$ date; ls -lh /etc/host*
    Thu May  3 20:20:51 UTC 2018
    -rw-rw-r--    1 root     staff         26 Jul  4  2016 /etc/host.conf
    -rw-r--r--    1 root     root           4 May  3 20:18 /etc/hostname
    -rw-r--r--    1 root     root         290 May  3 20:18 /etc/hosts
    tc@linux:/etc$
INSTALLATION

Code: newbielink:javascript:void(0); [nonactive]
    tc@linux:/etc$ tce-load -wi tcp_wrappers.tcz
    Downloading: tcp_wrappers.tcz
    Connecting to repo.tinycorelinux.net (89.22.99.37:80)
    tcp_wrappers.tcz     100% |****************************************************************************************************************************************| 40960   0:00:00 ETA
    tcp_wrappers.tcz: OK
    tc@linux:/etc$

AFTER

Code: newbielink:javascript:void(0); [nonactive]
    tc@linux:/etc$ date; ls -lh /etc/host*     
    Thu May  3 20:21:14 UTC 2018
    -rw-rw-r--    1 root     staff         26 Jul  4  2016 /etc/host.conf
    -rw-r--r--    1 root     root           4 May  3 20:18 /etc/hostname
    -rw-r--r--    1 root     root         290 May  3 20:18 /etc/hosts
    -rw-r--r--    1 root     root         121 Nov 27  2008 /etc/hosts.allow
    -rw-r--r--    1 root     root         119 Nov 27  2008 /etc/hosts.deny
    tc@linux:/etc$

Then, I was able to see both files created.

Code: newbielink:javascript:void(0); [nonactive]
    tc@linux:/etc$ cat /etc/hosts.allow
    # hosts.allow   This file describes the names of the hosts which are allowed access by the '/usr/local/bin/tcpd' server.
    tc@linux:/etc$
   
    tc@linux:/etc$ cat /etc/hosts.deny
    # hosts.deny   This file describes the names of the hosts which are denied access by the '/usr/local/bin/tcpd' server.
    tc@linux:/etc$

Unfortunately, `/usr/local/bin/tcpd` was not there.

Code: newbielink:javascript:void(0); [nonactive]
    tc@linux:/etc$ ls -lh /usr/local/bin/tcpd
    ls: /usr/local/bin/tcpd: No such file or directory
    tc@linux:/etc$

Obviously TCP Wrapper won't work without `tcpd` right?

How to make this work?

Offline Rich

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 5777
Hi sabrina
Code: [Select]
    tc@linux:/etc$ ls -lh /usr/local/bin/tcpd
    ls: /usr/local/bin/tcpd: No such file or directory
    tc@linux:/etc$

Obviously TCP Wrapper won't work without `tcpd` right?

How to make this work?
What if you do:
Code: [Select]
tc@box:~$ ls -lh /usr/local/sbin/tcpd
lrwxrwxrwx 1 root root 44 Jan 12  2017 /usr/local/sbin/tcpd -> /tmp/tcloop/tcp_wrappers/usr/local/sbin/tcpd
tc@box:~$
Since it's in  /usr/local/sbin/  you'll have to start it as  root  or by using  sudo.

Offline Misalf

  • Hero Member
  • *****
  • Posts: 1652
Also, you can see the contents of mounted extensions in  /tmp/tcloop  or at  http://tinycorelinux.net/9.x/x86/tcz/tcp_wrappers.tcz.list  (just adding  .list  to the file name).
Download a copy and keep it handy: Core book ;)

Offline sabrina

  • WikiUser
  • *
  • Posts: 4
What if you do:
Code: newbielink:javascript:void(0); [nonactive]
tc@box:~$ ls -lh /usr/local/sbin/tcpd
lrwxrwxrwx 1 root root 44 Jan 12  2017 /usr/local/sbin/tcpd -> /tmp/tcloop/tcp_wrappers/usr/local/sbin/tcpd
tc@box:~$
Since it's in  /usr/local/sbin/  you'll have to start it as  root  or by using  sudo.

Thanks Rich. My mistake. I was just looking at the `/etc/hosts.allow` and `/etc/hosts.deny` comment without searching for the binary itself.

Code: newbielink:javascript:void(0); [nonactive]
tc@box:~$ sudo slocate tcpd
/usr/local/sbin/tcpdmatch
/usr/local/sbin/tcpdchk
/usr/local/sbin/tcpd
tc@box:~$

Another question is how to test this TCP Wrapper as host based firewall? Both `nc` and `sshd` were not compiled/supported by TCP Wrapper.

Code: newbielink:javascript:void(0); [nonactive]
tc@box:~$ ldd /usr/bin/nc | grep wr
tc@box:~$ ldd /usr/local/sbin/sshd | grep wr
tc@box:~$

Offline Rich

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 5777
Hi sabrina
I've never dealt with  tcp_wrappers  so my first recommendation is to try Googling something like:
Code: [Select]
how to configure tcp wrappers in linux
or:
Code: [Select]
how to use tcp wrappers in linux
to get started. Then, if you still have problems or questions, post what you did including any error messages. Then we can
try to figure out any problems.

Offline sabrina

  • WikiUser
  • *
  • Posts: 4
Apparently, sshd & nc were not compiled against the libwrap.a library in TCL. I've just tested the same binary in CentOS and it works.

Code: newbielink:javascript:void(0); [nonactive]
[root@localhost ~]# whereis sshd
sshd: /usr/sbin/sshd /usr/share/man/man8/sshd.8.gz
[root@localhost ~]#

[root@localhost ~]# ldd /usr/sbin/sshd | grep libwrap
        libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f506b6e2000)
[root@localhost ~]#