Ok, I was wrong.
Can you explain me why I was not able to forbid access to portmap
(and/or unfs) when using the following config files?
I've tried using syntaxes "138.100.12.136/255.255.248.0" and "138.100."
and I can still access portmap and unfs from the internet ...
I had to put folders in ro mode to avoid security problems ... :-(
Thanks,
Victor.
vpab...@babel:~$ cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and
hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# clients allowed to mount via nfs.
# rpc.mountd : 138.100.12.136/255.255.248.0
portmap : 138.100.
unfsd : 138.100.
# Disabled (if they care)
# statd : ALL
# lock : ALL
# rquotad : ALL
# mountd : ALL
vpab...@babel:~$ cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the
system.
# See the manual pages hosts_access(5) and
hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
# Only the ones listed in hosts.allow are allowed to mount via nfs.
# rpc.mountd : ALL
portmap : ALL
unfsd : ALL
statd : ALL
lock : ALL
rquotad : ALL
mountd : ALL
# More info:
# http://times.usefulinc.com/2006/09/29-portmap-security
#
On 02/24/2010 10:48 AM, Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the portmap package:
#566889: Man pages say "This portmap version is protected by the tcp_wrapper
library." but it is not.
It has been closed by Petter Reinholdtsen<p...@hungry.com>.
Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Petter
Reinholdtsen<p...@hungry.com> by
replying to this email.
--
---------------------------------------------------------------------
---------------------------------------------------------------------
Víctor Pablos Ceruelo - Software Engineer, Phd student.
Telephone number: +34 655 53 64 27
Email: vpablos at fi dot upm dot es or
victorpablosceruelo at gmail dot com
Msn: victorpablosceruelo at gmail dot com
Skype: victorpablosceruelo
Web page: https://babel.ls.fi.upm.es/~vpablos/
---------------------------------------------------------------------
---------------------------------------------------------------------
Si ha recibido este correo electrónico por error, le informamos que
puede contener información confidencial y que está prohibido su uso.
Le rogamos lo comunique a su remitente y lo elimine.
Gracias por su colaboración.
If you receive this e-mail by error, please note that it may contain
confidential information, therefore, the use of this information is
strictly forbidden. Please inform the sender of the error and delete
the information received.
Thank you for your collaboration.
---------------------------------------------------------------------
---------------------------------------------------------------------
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
