Tiny Core Linux
Tiny Core Base => TCB Q&A Forum => Topic started by: sabrina on May 03, 2018, 09:06:17 AM
-
I'm learning about host-based firewalls by installing `tcp_wrappers.tcz` on Tiny Core Linux (TCL).
Initially, the following files were not there, which was expected.
`/etc/hosts.allow`
`/etc/hosts.deny`
BEFORE
```
tc@linux:/etc$ date; ls -lh /etc/host*
Thu May 3 20:20:51 UTC 2018
-rw-rw-r-- 1 root staff 26 Jul 4 2016 /etc/host.conf
-rw-r--r-- 1 root root 4 May 3 20:18 /etc/hostname
-rw-r--r-- 1 root root 290 May 3 20:18 /etc/hosts
tc@linux:/etc$
```
INSTALLATION
```
tc@linux:/etc$ tce-load -wi tcp_wrappers.tcz
Downloading: tcp_wrappers.tcz
Connecting to repo.tinycorelinux.net (89.22.99.37:80)
tcp_wrappers.tcz 100% |****************************************************************************************************************************************| 40960 0:00:00 ETA
tcp_wrappers.tcz: OK
tc@linux:/etc$
```
AFTER
```
tc@linux:/etc$ date; ls -lh /etc/host*
Thu May 3 20:21:14 UTC 2018
-rw-rw-r-- 1 root staff 26 Jul 4 2016 /etc/host.conf
-rw-r--r-- 1 root root 4 May 3 20:18 /etc/hostname
-rw-r--r-- 1 root root 290 May 3 20:18 /etc/hosts
-rw-r--r-- 1 root root 121 Nov 27 2008 /etc/hosts.allow
-rw-r--r-- 1 root root 119 Nov 27 2008 /etc/hosts.deny
tc@linux:/etc$
```
Then, I was able to see both files created.
```
tc@linux:/etc$ cat /etc/hosts.allow
# hosts.allow This file describes the names of the hosts which are allowed access by the '/usr/local/bin/tcpd' server.
tc@linux:/etc$
tc@linux:/etc$ cat /etc/hosts.deny
# hosts.deny This file describes the names of the hosts which are denied access by the '/usr/local/bin/tcpd' server.
tc@linux:/etc$
```
Unfortunately, `/usr/local/bin/tcpd` was not there.
```
tc@linux:/etc$ ls -lh /usr/local/bin/tcpd
ls: /usr/local/bin/tcpd: No such file or directory
tc@linux:/etc$
```
Obviously TCP Wrapper won't work without `tcpd` right?
How to make this work?
-
Hi sabrina
> ```
> tc@linux:/etc$ ls -lh /usr/local/bin/tcpd
> ls: /usr/local/bin/tcpd: No such file or directory
> tc@linux:/etc$
> ```
> Obviously TCP Wrapper won't work without `tcpd` right?
> How to make this work?
What if you do:
```
tc@box:~$ ls -lh /usr/local/sbin/tcpd
lrwxrwxrwx 1 root root 44 Jan 12 2017 /usr/local/sbin/tcpd -> /tmp/tcloop/tcp_wrappers/usr/local/sbin/tcpd
tc@box:~$
```
Since it's in /usr/local/sbin/ you'll have to start it as root or by using sudo.
-
Also, you can see the contents of mounted extensions in /tmp/tcloop or at http://tinycorelinux.net/9.x/x86/tcz/tcp_wrappers.tcz.list (just adding .list to the file name).
-
> What if you do:
> ```
> tc@box:~$ ls -lh /usr/local/sbin/tcpd
> lrwxrwxrwx 1 root root 44 Jan 12 2017 /usr/local/sbin/tcpd -> /tmp/tcloop/tcp_wrappers/usr/local/sbin/tcpd
> tc@box:~$
> ```
> Since it's in /usr/local/sbin/ you'll have to start it as root or by using sudo.
Thanks Rich. My mistake. I was just looking at the `/etc/hosts.allow` and `/etc/hosts.deny` comment without searching for the binary itself.
```
tc@box:~$ sudo slocate tcpd
/usr/local/sbin/tcpdmatch
/usr/local/sbin/tcpdchk
/usr/local/sbin/tcpd
tc@box:~$
```
Another question is how to test this TCP Wrapper as a host-based firewall? Both `nc` and `sshd` were not compiled/supported by TCP Wrapper.
```
tc@box:~$ ldd /usr/bin/nc | grep wr
tc@box:~$ ldd /usr/local/sbin/sshd | grep wr
tc@box:~$
```
-
Hi sabrina
I've never dealt with tcp_wrappers so my first recommendation is to try Googling something like:
how to configure tcp wrappers in linux
or:
how to use tcp wrappers in linux
to get started. Then, if you still have problems or questions, post what you did including any error messages. Then we can try to figure out any problems.
-
Apparently, sshd & nc were not compiled against the libwrap.a library in TCL. I've just tested the same binary in CentOS and it works.
```
[root@localhost ~]# whereis sshd
sshd: /usr/sbin/sshd /usr/share/man/man8/sshd.8.gz
[root@localhost ~]#
[root@localhost ~]# ldd /usr/sbin/sshd | grep libwrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f506b6e2000)
[root@localhost ~]#
```
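
The `ldd ... | grep libwrap` check from the posts above, wrapped into a script that also covers a binary built against the static `libwrap.a`, where `ldd` shows nothing. This is an added example, not code from the thread or from Tiny Core; the function names and the string heuristic for static builds are assumptions.

```shell
#!/bin/sh
# Added example: report whether a binary can honour /etc/hosts.allow and
# /etc/hosts.deny at all, i.e. whether it uses libwrap.
# Run it only on binaries you trust: ldd may invoke the program's loader.

# Classify `ldd` output read from stdin: prints "dynamic" when libwrap is a
# shared dependency, "none" otherwise.
classify_ldd() {
    if grep -q 'libwrap\.so'; then echo dynamic; else echo none; fi
}

# Heuristic (assumption): a binary linked against the static libwrap.a
# carries the rule-file path as an embedded string, which ldd cannot show.
has_embedded_rules_path() {
    grep -a -q 'hosts\.allow' "$1"
}

# Combine both checks for one binary path.
wrap_support() {
    bin=$1
    [ -r "$bin" ] || { echo unreadable; return 1; }
    if [ "$(ldd "$bin" 2>/dev/null | classify_ldd)" = dynamic ]; then
        echo dynamic
    elif has_embedded_rules_path "$bin"; then
        echo static-likely
    else
        echo none
    fi
}

# Usage: sh wrapcheck.sh /usr/local/sbin/sshd /usr/bin/nc
for b in "$@"; do
    printf '%-30s %s\n' "$b" "$(wrap_support "$b")"
done
```

A result of `none` means rules in `hosts.allow` and `hosts.deny` have no effect on that service unless it is started through `tcpd` (for example from inetd). `tcpdmatch` and `tcpdchk`, both listed by `slocate` above, check the rule files without needing a live connection.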