When I type the following command, I see that the FD is compiled with
TCP Wrappers
So I think that they are enabled or am I wrong ?
# ldd /usr/sbin/bacula-fd |grep wrap
[...]
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f8b778ea000)
[...]
iptables are already configured for the port 9102 to be opened :
41 2460 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:9102
But we also have a ALL:ALL directive in the hosts.deny and this is the
one that prevents the DIR to contact the FD
We use this combination of hosts.allow / hosts.deny files on other
Distributions and it works.
No problem on the DIR side as it contacts successfully other FDs
That's why I can't understand :-)
Norbert
Le 14/04/2016 15:29, Clark, Patti a écrit :
> Because tcp_wrappers is not configured for bacula by default. Your
> hosts.allow file is not configured properly. As this is not a linux
> list, please read up on tcp_wrappers, there is a lot of information
> available. I would only use tcp_wrappers in a layered approach to
> security and only after using a firewall as my primary defense.
>
> It would be more appropriate to use iptables to control access to the
> bacula ports. Here are a couple of examples. If you want tighter
> controls on your backup server and/or storage daemon server, research
> iptables configurations and test. Perhaps someone on the list will
> contribute some of their examples of tighter firewall controls.
>
> On the server and wide open:
>
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 9101:9103 -j ACCEPT
>
>
> On the client and only to the specific server replacing x.x.x.x with
> your bacula server’s ip address:
>
> -A INPUT -s x.x.x.x -p tcp -m state --state NEW,RELATED,ESTABLISHED -m
> tcp --dport 9102 -j ACCEPT
>
>
> */Patti/*
>
>
> From: Norbert Gomes <norbert.go...@univ-orleans.fr
> <mailto:norbert.go...@univ-orleans.fr>>
> Date: Thursday, April 14, 2016 at 5:36 AM
> To: "bacula-users@lists.sourceforge.net
> <mailto:bacula-users@lists.sourceforge.net>"
> <bacula-users@lists.sourceforge.net
> <mailto:bacula-users@lists.sourceforge.net>>
> Subject: Re: [Bacula-users] build RPM for FD 5.2 in CentOS 6
>
> My problem seems to be with TCP wrappers, but I don't understand why :
>
> Like this, it doesn't work :
>
> hosts.deny :
> ALL: ALL
>
> hosts.allow :
> 9102: ALL
> bacula-fd: ALL
>
>
> But if I comment the hosts.deny file (or put ALL: ALL in the
> hosts.allow file), it works.
>
>
> I don't see where I made a mistake ?
>
> My process running is :
> root 1142 1 0 11:02 ? 00:00:00 bacula-fd -c
> /etc/bacula/bacula-fd.conf -u root -g root
>
>
> Norbert
> Le 14/04/2016 09:58, Norbert Gomes a écrit :
>> Hi
>>
>> Thank you for the repositories, it works on a test machine (fresh
>> CentOS 6.2), but not in the production one : in this last, the DIR
>> can't contact the FD ( iptables and TCP wrappers seem to be OK)
>>
>> Maybe I missed something elsewhere.
>>
>> I'll give a look
>>
>> Regards
>>
>> Norbert
>>
>>
>> Le 13/04/2016 12:47, Simone Caronni a écrit :
>>> Hi Norbert,
>>>
>>> I'm the Bacula mantainer for Fedora. can you use the rebuild I do of
>>> current packages for RHEL/CentOS and Fedora? You can upgrade
>>> directly from CentOS/RHEL packages straight to them.
>>> They have all features enabled. Please read the included README file
>>> in bacula-common.
>>>
>>> Bacula 5.2: https://repos.fedorapeople.org/slaanesh/bacula/
>>> <https://repos.fedorapeople.org/slaanesh/bacula/>
>>> Bacula 7.0: https://repos.fedorapeople.org/slaanesh/bacula7/
>>> Bacula 7.4: http://copr.fedorainfracloud.org/coprs/slaanesh/Bacula/
>>>
>>> If you look on Google there's some history behind the packages.
>>> Please note that only the 7.4 branch is supported.
>>>
>>> Regards,
>>> --Simone
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Apr 13, 2016 at 12:28 PM, Norbert Gomes
>>> <norbert.go...@univ-orleans.fr
>>> <mailto:norbert.go...@univ-orleans.fr>> wrote:
>>>
>>> Hi
>>>
>>> I have to build a rpm for the bacula-fd 5.2 in Cent OS 6, and follow
>>> this page :
>>>
>>> http://www.bacula.org/5.2.x-manuals/en/utility/utility/Bacula_RPM_Packaging_FAQ.html
>>>
>>> I downloaded and extracted the bacula-5.2.13.tar.gz file, then :
>>>
>>> Looked at the bacula.spec.in <http://bacula.spec.in> file in
>>> "platforms/rpms/redhat/bacula.spec.in <http://bacula.spec.in>"
>>>
>>> Tried to build with this command :
>>>
>>> rpmbuild -ba --define "build_centos6 1" --define
>>> "build_client_only 1"
>>> platforms/rpms/redhat/bacula.spec.in <http://bacula.spec.in>
>>>
>>> But if fails with
>>> error: line 457: empty tag: Distribution:
>>>
>>> The line in the spec file is :
>>> Distribution: %{_dist}
>>>
>>>
>>> I think that the _dist variable is empty because in the
>>> precedent lines,
>>> the centos6 condition is missing :
>>>
>>> %if %{centos5} || %{centos4} || %{centos3}
>>> %define _dist %(grep CentOS /etc/redhat-release)
>>> %endif
>>>
>>> If I add a centos6 condition, the same error message appears.
>>>
>>> Anyone has an idea, or is there another way to build a RPM file ?
>>>
>>> Regards
>>>
>>> Norbert
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Find and fix application performance issues faster with
>>> Applications Manager
>>> Applications Manager provides deep performance insights into
>>> multiple tiers of
>>> your business applications. It resolves application problems
>>> quickly and
>>> reduces your MTTR. Get your free trial!
>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>> _______________________________________________
>>> Bacula-users mailing list
>>> Bacula-users@lists.sourceforge.net
>>> <mailto:Bacula-users@lists.sourceforge.net>
>>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>>>
>>>
>>>
>>>
>>> --
>>> You cannot discover new oceans unless you have the courage to lose
>>> sight of the shore (R. W. Emerson).
>>>
>>> http://xkcd.com/229/
>>> http://negativo17.org/
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications Manager
>> Applications Manager provides deep performance insights into multiple tiers
>> of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>
>>
>> _______________________________________________
>> Bacula-users mailing list
>> Bacula-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/bacula-users
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
