Re: [Bacula-users] build RPM for FD 5.2 in CentOS 6
2016-04-14 09:48:26
When I type the following command, I see that the FD is compiled
with TCP Wrappers.
So I think that they are enabled, or am I wrong?
# ldd /usr/sbin/bacula-fd |grep wrap
[...]
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f8b778ea000)
[...]
iptables are already configured for the port 9102 to be opened:
    41 2460 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9102
But we also have an ALL:ALL directive in the hosts.deny and this is
the one that prevents the DIR to contact the FD.
We use this combination of hosts.allow / hosts.deny files on other
Distributions and it works.
No problem on the DIR side as it contacts successfully other FDs
That's why I can't understand :-)
Norbert
On 14/04/2016 15:29, Clark, Patti wrote:
Because tcp_wrappers is not configured for bacula by
default. Your hosts.allow file is not configured properly.
As this is not a Linux list, please read up on
tcp_wrappers, there is a lot of information available. I
would only use tcp_wrappers in a layered approach to
security and only after using a firewall as my primary
defense.
It would be more appropriate to use iptables to control
access to the bacula ports. Here are a couple of examples.
If you want tighter controls on your backup server and/or
storage daemon server, research iptables configurations and
test. Perhaps someone on the list will contribute some of
their examples of tighter firewall controls.
On the server and wide open:
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 9101:9103 -j ACCEPT
On the client and only to the specific server replacing
x.x.x.x with your bacula server’s ip address:
    -A INPUT -s x.x.x.x -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 9102 -j ACCEPT
My problem seems to be with TCP wrappers, but I don't understand why:
Like this, it doesn't work :
hosts.deny :
ALL: ALL
hosts.allow :
9102: ALL
bacula-fd: ALL
But if I comment the hosts.deny file (or put ALL: ALL in the
hosts.allow file), it works.
I don't see where I made a mistake ?
My process running is :
    root 1142 1 0 11:02 ? 00:00:00 bacula-fd -c /etc/bacula/bacula-fd.conf -u root -g root
Norbert
On 14/04/2016 09:58, Norbert Gomes wrote:
Hi
Thank you for the repositories, it works on a test machine
(fresh CentOS 6.2), but not in the production one: in
this last, the DIR can't contact the FD (iptables and TCP
wrappers seem to be OK)
Maybe I missed something elsewhere.
I'll give a look
Regards
Norbert
On 13/04/2016 12:47, Simone Caronni wrote:
Hi Norbert,
I'm the Bacula maintainer for Fedora. Can you use
the rebuild I do of current packages for RHEL/CentOS
and Fedora? You can upgrade directly from
CentOS/RHEL packages straight to them.
They have all features enabled. Please read the
included README file in bacula-common.
If you look on Google there's some history behind
the packages.
Please note that only the 7.4 branch is
supported.
Regards,
--Simone
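
The hosts.allow / hosts.deny pair quoted in the thread, run through a simplified model of hosts_access(5) evaluation (an added example, not code from the thread or from Bacula). It assumes, per the Bacula manual, that the daemon name Bacula hands to TCP wrappers is the Name set in the daemon's configuration file rather than the executable name. The name `centos6-fd` and the address 192.0.2.10 are constructed sample values.

```python
# Simplified hosts_access(5) model: "daemon_list : client_list" rules with
# exact names and the ALL wildcard only (no patterns, EXCEPT or options).

# The two files exactly as quoted in the thread.
HOSTS_ALLOW = """\
9102: ALL
bacula-fd: ALL
"""
HOSTS_DENY = """\
ALL: ALL
"""


def parse(text):
    """Return a list of (daemon_names, client_names) from file text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        parts = line.split(":")
        if len(parts) < 2:
            continue
        rules.append((parts[0].replace(",", " ").split(),
                      parts[1].replace(",", " ").split()))
    return rules


def matches(rules, daemon, client):
    """True if any rule lists both the daemon name and the client (or ALL)."""
    return any(
        ("ALL" in daemons or daemon in daemons)
        and ("ALL" in clients or client in clients)
        for daemons, clients in rules
    )


def access(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match grants."""
    if matches(parse(allow), daemon, client):
        return "granted"
    if matches(parse(deny), daemon, client):
        return "denied"
    return "granted"


if __name__ == "__main__":
    # Daemon name as the assumed Name from bacula-fd.conf (constructed value).
    print(access("centos6-fd", "192.0.2.10"))            # falls to ALL: ALL
    print(access("centos6-fd", "192.0.2.10", deny=""))   # hosts.deny emptied
```

In this model the `9102:` rule never matches, because the left-hand side of a rule is compared with a daemon name, not a port number.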
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users