Securing RPC services with TCP Wrappers
807557 Jun 2 2009 — edited Sep 2 2009
Hello All,
I have a two-node cluster running Solaris 10. Since SVM needs a few RPC services like metad, metamedd and metamhd, I don't want to disable them. But at the same time, I want to block them from the outside world.
But the README page of TCP Wrappers (http://www.sunfreeware.com/README.tcpwrappers) says "The wrappers do not work with RPC services over TCP. These services are registered as rpc/tcp in the inetd configuration file". And other internet sources say the same. So my question is: is this still valid? Or is it possible to filter RPC services using TCP Wrappers?
When I tested this with the following entries in /etc/hosts.allow and /etc/hosts.deny, my two nodes did not give any trouble after a couple of reboots. SVM is working fine. So I wonder whether RPC services are really blocked (other than the local host) or not.
Content of /etc/hosts.deny
===========================
rpcbind: ALL : severity debug
rpc.metad: ALL : severity debug
rpc.metamhd: ALL : severity debug
rpc.metamedd: ALL : severity debug
rpc.metacld: ALL : severity debug
Content of /etc/hosts.allow
=======================================
rpcbind: KNOWN : severity debug
rpc.metad: localhost : severity debug
rpc.metamhd: localhost : severity debug
rpc.metamedd: localhost : severity debug
rpc.metacld: localhost : severity debug
Any hints/information regarding this will be really appreciated.
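
An added example, not part of the original post: a simplified Python model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, otherwise grant) applied to the rules posted above. It shows what these rules decide when a daemon actually consults them, not whether a given RPC daemon does; the client names and addresses are constructed, and only the ALL, KNOWN and literal-host patterns are modelled.

```python
# Simplified model of the hosts_access(5) decision order, limited to the
# pattern kinds used in the post: ALL, KNOWN, and a literal host name/address.
HOSTS_ALLOW = """\
rpcbind: KNOWN : severity debug
rpc.metad: localhost : severity debug
rpc.metamhd: localhost : severity debug
rpc.metamedd: localhost : severity debug
rpc.metacld: localhost : severity debug
"""
HOSTS_DENY = """\
rpcbind: ALL : severity debug
rpc.metad: ALL : severity debug
rpc.metamhd: ALL : severity debug
rpc.metamedd: ALL : severity debug
rpc.metacld: ALL : severity debug
"""

def parse(text):
    """Return [(daemons, clients)]; options like 'severity debug' are dropped."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) >= 2 and fields[0]:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern == "KNOWN":              # host name and address both known
        return bool(name) and bool(addr)
    return pattern.lower() in ((name or "").lower(), addr)

def hits(rules, daemon, name, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, name, addr) for p in clients)
               for daemons, clients in rules)

def decide(daemon, name, addr):
    """hosts.allow is searched first, then hosts.deny; no match grants."""
    if hits(parse(HOSTS_ALLOW), daemon, name, addr):
        return "allow"
    if hits(parse(HOSTS_DENY), daemon, name, addr):
        return "deny"
    return "allow"

if __name__ == "__main__":
    print(decide("rpc.metad", "node2.example.com", "192.0.2.12"))  # deny
```

In this model a request to rpc.metad from the second cluster node is denied while loopback is allowed, and rpcbind accepts any client whose host name resolves.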