[Veritas-bu] Solaris 9 hosts.allow question

2004-11-04 17:24:49
Subject: [Veritas-bu] Solaris 9 hosts.allow question
From: gary.andresen AT pnwdata DOT com (Gary Andresen)
Date: Thu, 4 Nov 2004 14:24:49 -0800
Inetd on Solaris 9 can now be wrapped (i.e. tcpwrappers). This is built into
Solaris 9, whereas before, if you wanted tcpwrappers, you would download it from
Solaris freeware or get the source and make it yourself.

So I'm assuming your setting for tcpwrappers is set for yes.

If you want your Solaris 9 machines to look like your older Solaris machines,
do the following edit:
cd /etc/default
vi inetd
Go to the following line:
ENABLE_TCPWRAPPERS=YES
Set the 'YES' to 'NO'.

For the man pages on tcpd, add the following to your MANPATH variable:
I use ksh so this is for ksh :--)
export MANPATH=$MANPATH:/usr/sfw/man

Hope this helps
G


Gary Andresen 
Impossible Happens, Plan Ahead 
Pacific Northwest Data Inc. 
Tel: 503.701.5185 
Fax: 503.692.3910 
gary.andresen AT pnwdata DOT com 
www.pnwdata.com 

> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of Brzozowski, Dwayne
> Sent: Wednesday, November 03, 2004 8:54 PM
> To: 'veritas-bu AT mailman.eng.auburn DOT edu'
> Cc: 'Lue-Fook-Sang, Andre'
> Subject: RE: [Veritas-bu] Solaris 9 hosts.allow question
> 
> I did get some answers from Veritas. I didn't think it would be this quick
> or detailed, but it all makes sense. Here is what Veritas has said about
> hosts.allow entries for Solaris 9.
> 
> Because of the built-in security on Solaris 9, anything not in hosts.allow
> is automatically denied, explaining the need for bpcd, vnetd, and bpjava.
> The ALL statement pertains to several media servers/masters. This allows any
> NetBackup server to contact/connect to the client. IPs can be used to
> ensure only specific NB servers are allowed access. Bpjava, both entries are
> to allow the NB java gui to be pulled off of that client. Again, specific
> IPs can be used. Vnetd is an acronym, which stands for Veritas Network
> Daemon. All three of these processes are specified in the services file, and
> specific ports are also defined.
> 
> To validate/invalidate this statement by Veritas, I have been running tests
> all night with this configuration. The conclusion is: bpcd MUST be in
> /etc/hosts.allow on a Solaris 9 NB client. Bpjava-msvc, bpjava-susvc, and
> vnetd are not needed in the client hosts.allow. These three processes have
> already been defined in the services and inetd.conf files during NB client
> install. I ran a backup on a Solaris 9 client and restored back to that
> client with only the bpcd entry in the hosts.allow. That was successful.
> Also, with only the bpcd entry, I was able to pull the java gui off the
> client.
> 
> 
> -Dwayne
> 
> I Sense much NT in you...
> NT leads to bluescreen..
> bluescreen leads to downtime..
> downtime leads to suffering...
> NT is the path to the darkside...
> Powerful Unix is...
> 
> Unix Jedi
> 
> -----Original Message-----
> From: Lue-Fook-Sang, Andre [mailto:andre.lue-fook-sang AT thomson DOT com]
> Sent: Wednesday, November 03, 2004 6:48 PM
> To: Brzozowski, Dwayne; 'veritas-bu AT mailman.eng.auburn DOT edu'
> Subject: Re: [Veritas-bu] Solaris 9 hosts.allow question
> 
> 
> Have you tried just the networks you have clients on,
> e.g.
> bpcd: 172.30.10, 176.12.5
> 
> Andre' Lue-Fook-Sang
> Thomson One Security Engineer
> Technical Operations - Production Support
> Thomson Financial
> Tel: 212-510-3943
> Fax: 212-510-4498
> 
> 
> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu <veritas-bu-admin AT mailman.eng.auburn DOT edu>
> To: 'veritas-bu AT mailman.eng.auburn DOT edu' <veritas-bu AT mailman.eng.auburn DOT edu>
> Sent: Wed Nov 03 18:59:42 2004
> Subject: [Veritas-bu] Solaris 9 hosts.allow question
> 
> Hi,
> I hope someone has run across this before. I have a Solaris 9 NetBackup
> 4.5FP4 master, with a mix of Solaris 8 (mainly) and several Solaris 9
> clients. Currently, to make backups work on a Solaris 9 client, I have the
> following entry in the hosts.allow (client side):
> 
> bpcd: ALL
> bpjava-msvc: ALL in one port
> bpjava-susvc: ALL out the other
> vnetd: ALL
> 
> My question is, do I need the ALL statement on each line, or just the
> NetBackup master name on each line? My internal security group is looking
> for a definitive answer on if/why the ALL statement has to be there. Also,
> if anyone knows, why doesn't this have to be in the hosts.allow for Solaris
> 8 clients? Any help would be greatly appreciated!
> 
> 
> 
> -Dwayne
> 
> Dwayne J. Brzozowski
> Department of Veterans Affairs
> Night Shift Supervisor-Unix Group
> Austin Automation center
> (512)326-6728 work
> dwayne.brzozowski AT mail.va DOT gov
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
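
Added example, not part of the original thread: a shell/awk check that reads a client's hosts.allow and reports which of the four NetBackup daemons named above are open to ALL, restricted to listed hosts or networks, or absent. The function names and the sample file are constructed for illustration; it assumes a POSIX awk and IPv4 or hostname client patterns.

```shell
# Added example, not from the thread. Per daemon prints OPEN <d> (a rule's
# client list contains ALL), RESTRICTED <d> <clients>, or MISSING <d>.
# Assumes IPv4/hostname patterns only (bracketed IPv6 contains ':').
# Needs a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris).
audit_hosts_allow() {
    awk -v want="bpcd vnetd bpjava-msvc bpjava-susvc" '
    function note(name, isall, clients) {
        if (isall) st[name] = "OPEN"
        else if (!(name in st)) st[name] = "RESTRICTED"
        cl[name] = cl[name] (cl[name] == "" ? "" : ",") clients
    }
    BEGIN { nw = split(want, w, " ") }
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }     # join continuation lines
    { line = buf $0; buf = "" }
    line ~ /^[ \t]*(#|$)/ { next }                    # comments, blank lines
    {
        if (split(line, f, ":") < 2) next             # daemons : clients [: options]
        gsub(/,/, " ", f[1]); gsub(/,/, " ", f[2])
        nd = split(f[1], d, " "); nc = split(f[2], c, " ")
        wild = 0; list = ""
        for (i = 1; i <= nc; i++) {
            if (c[i] == "ALL") wild = 1
            list = list (i > 1 ? "," : "") c[i]
        }
        for (i = 1; i <= nd; i++) {
            if (d[i] != "ALL") { note(d[i], wild, list); continue }
            for (j = 1; j <= nw; j++) note(w[j], wild, list)   # ALL daemons
        }
    }
    END {
        for (j = 1; j <= nw; j++) {
            if (!(w[j] in st)) print "MISSING " w[j]
            else if (st[w[j]] == "OPEN") print "OPEN " w[j]
            else print "RESTRICTED " w[j] " " cl[w[j]]
        }
    }' ${1:+"$1"}
}

# Constructed sample. Network prefixes end in "." per hosts_access(5).
sample_hosts_allow() {
    cat <<'EOF'
# NetBackup client rules
bpcd: ALL
vnetd: 172.30.10. \
       176.12.5.
bpjava-msvc: nbmaster.example.com
EOF
}
sample_hosts_allow | audit_hosts_allow
```

On a client, run it as `audit_hosts_allow /etc/hosts.allow`; a daemon is reported OPEN if any rule for it lists ALL, even when an earlier rule is narrower.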


