On Wed Mar 07 2001 at 14:10, Rebecca.R.Krause@xxxxxxxxxxx wrote:

> I checked my hosts.allow and hosts.deny files. They are both empty.

Make sure that in the end you have in /etc/hosts.deny:

    ALL: ALL

(to deny all), and in /etc/hosts.allow something like this:

    # examples only
    in.telnetd in.ftpd : localhost \
        192.168.1.0/255.255.255.0 \
        192.168.2.1 192.168.2.10 \
        192.168.128/255.255.255.128 \
        <lists of other IP addresses/networks allowed access>

This is a policy of denying everything except what is specifically
allowed. Very secure (and HIGHLY recommended).

The man pages for hosts.{allow,deny} give lots of hints on how you can
set things up so that each denied connection attempt is logged or
generates emails, or whatever. Very powerful.

> I attempted to start telnet as a daemon during startup. Here are the steps
> I followed as root:
>
> cd etc/xinetd.d
> cp telnet /etc/rc.d/init.d

What??? WHY did you do that??? Amazing, you just broke your system's
startup. (Oh well, live and learn...)

> cd etc/rc.d/init.d
> chmod 777 telnet
> cd etc/rc.d/rc3.d
> ln -s ../init.d/telnet S70telnet

First, fix things by undoing what you just did:

    rm -f /etc/rc.d/init.d/telnet /etc/rc.d/rc3.d/S70telnet

To get it working how you want, all you have to do to have it running
by default at bootup is this:

    chkconfig telnet on

All xinetd daemons can be turned on and off for bootup by using
chkconfig. It is a VERY useful tool, learn to use it. It is trivial to
use it in the %post section of a kickstart script.

After installation, do this to get it working:

    chkconfig telnet on
    service xinetd reload

(ie, no need to reboot... there is hardly ever [never?] any need to
reboot just to start and stop network daemons).

> when I watch the screen during reboot and telnet tries to start, I get the
> following message:
> Starting telnet:
> VFS: file-max limit 4096 reached
> exec: too many open files in system
> Unable to load interpreter /lib/ld-linux.so.2

Yep, not surprised. :-)

Really, you need to learn exactly what happens at bootup and how to
control it. It seems you have a general idea, but not the specifics.

> I am able to telnet from my machine but if I try to telnet to it I get a
> "connection refused" message.

The daemon isn't running, that's why.

> My file called telnet looks like this:
> # default: on
> # description: The telnet server serves telnet sessions; it uses \
> #       unencrypted username/password pairs for authentication.
> service telnet
> {
>         flags           = REUSE
>         socket_type     = stream
>         wait            = no
>         user            = root
>         server          = /usr/sbin/in.telnetd
>         log_on_failure  += USERID
> }

That's a good config file for xinetd which should live in
/etc/xinetd.d/.

telnet is supposed to run via xinetd, so /etc/rc.d/init.d/xinetd is the
magic script (which you should not touch).

/etc/rc.d/init.d/* files are supposed to be executable files (usually
shell scripts).

> When I look at the rest of the executable files in /etc/rc.d/init.d, I see
> that most of them have start(), stop() and restart(). I am assuming I
> need something like that in my telnet file. Is there documentation around
> to help me create this file? Do I have the correct steps to start a daemon
> at startup...so once I get a good telnet file it should work for me?

Have a look on the redhat documentation cdrom, it's all there. Lots of
it in excellent detail.

No need at all for a /etc/rc.d/init.d/telnet file.

    man xinetd in.telnetd

> Thanks!
> Rebecca

Good luck.

Cheers
Tony
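
Added example, not part of the original message or of the tcp_wrappers code: a simplified Python model of the decision order documented in hosts_access(5), showing why two empty files admit every client while `ALL: ALL` in hosts.deny plus an explicit hosts.allow admits only the listed ones. It assumes IPv4 and handles only the `ALL`, exact host/address, trailing-dot prefix and net/mask patterns; the function names and sample rules are constructed for illustration.

```python
import ipaddress

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):              # backslash continues the rule
            pending += line[:-1] + " "
            continue
        daemons, _, rest = (pending + line).partition(":")
        pending = ""
        clients = rest.split(":")[0]         # drop optional shell-command field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, name=""):
    if pattern == "ALL":
        return True
    if "/" in pattern:                       # net/mask form
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(ip) in net
        except ValueError:
            return False                     # malformed pattern never matches
    if pattern.endswith("."):                # "192.168.1." prefix form
        return ip.startswith(pattern)
    return pattern in (ip, name)             # exact address or host name

def is_allowed(daemon, ip, allow_text, deny_text, name=""):
    def hit(text):
        return any(("ALL" in daemons or daemon in daemons)
                   and any(client_matches(p, ip, name) for p in clients)
                   for daemons, clients in parse_rules(text))
    # Order from hosts_access(5): allow match wins, then deny match, else grant.
    return True if hit(allow_text) else not hit(deny_text)

# Constructed sample rules, modelled on the example in the message above.
ALLOW = """in.telnetd in.ftpd : localhost \\
    192.168.1.0/255.255.255.0 \\
    192.168.2.1 192.168.2.10
"""
DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for ip in ("192.168.1.77", "192.168.2.100", "203.0.113.9"):
        print(ip, "default-deny:", is_allowed("in.telnetd", ip, ALLOW, DENY),
              "| both files empty:", is_allowed("in.telnetd", ip, "", ""))
```

On a real host, `tcpdmatch` from the tcp_wrappers package answers the same question against the installed files.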