Re: [Bacula-users] build RPM for FD 5.2 in CentOS 6
2016-04-14 09:31:09
Because tcp_wrappers is not configured for bacula by default. Your hosts.allow file is not configured properly. As this is not a linux list, please read up on tcp_wrappers, there is a lot of information available. I would only use tcp_wrappers in a
layered approach to security and only after using a firewall as my primary defense.
It would be more appropriate to use iptables to control access to the bacula ports. Here are a couple of examples. If you want tighter controls on your backup server and/or storage daemon server, research iptables configurations and test. Perhaps someone
on the list will contribute some of their examples of tighter firewall controls.
On the server and wide open:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9101:9103 -j ACCEPT
On the client and only to the specific server replacing x.x.x.x with your bacula server’s ip address:
-A INPUT -s x.x.x.x -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 9102 -j ACCEPT
My problem seems to be with TCP wrappers, but I don't understand why :
Like this, it doesn't work :
hosts.deny :
ALL: ALL
hosts.allow :
9102: ALL
bacula-fd: ALL
But if I comment the hosts.deny file (or put ALL: ALL in the hosts.allow file), it works.
I don't see where I made a mistake ?
My process running is :
root 1142 1 0 11:02 ? 00:00:00 bacula-fd -c /etc/bacula/bacula-fd.conf -u root -g root
Norbert
Le 14/04/2016 09:58, Norbert Gomes a écrit :
Hi
Thank you for the repositories, it works on a test machine (fresh CentOS 6.2), but not in the production one : in this last, the DIR can't contact the FD ( iptables and TCP wrappers seem to be OK)
Maybe I missed something elsewhere.
I'll give a look
Regards
Norbert
Le 13/04/2016 12:47, Simone Caronni a écrit :
Hi Norbert,
I'm the Bacula mantainer for Fedora. can you use the rebuild I do of current packages for RHEL/CentOS and Fedora? You can upgrade directly from CentOS/RHEL packages straight to them.
They have all features enabled. Please read the included README file in bacula-common.
If you look on Google there's some history behind the packages.
Please note that only the 7.4 branch is supported.
Regards,
--Simone
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT nethttps://lists.sourceforge.net/lists/listinfo/bacula-users
|
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
|
|