Joshua Baker-LePain wrote:
On Wed, 25 Feb 2004 at 3:06pm, jlm17 wrote:
I didn't have either a /etc/hosts.allow or /etc/hosts.deny. I created an /etc/hosts.allow with the one line:
ALL: LOCAL
No change in behavior.
I commented out the only_from line from all three amanda services but it does not work.
The other thing to check is /etc/hosts.{allow,deny}. I don't know Gentoo, but on RedHat xinetd uses them. Accepts or denies based on those files should be logged in /var/log/secure.
iptables looks empty:
Note that I do not get any lines about removing amanda services.
Yes, but...
If you're not getting anything in /tmp/amanda, then amandad isn't even starting up. Is ipchains/iptables getting in the way? What's the output of 'netstat -ln | grep 10080'?
netstat -ln | grep 10080
udp 0 0 0.0.0.0:10080 0.0.0.0:*
That means amanda is listening, so that part of xinetd is working right.
As far as I know I do not have any iptables stuff turned on. I don't even have the iptables userland tools installed. I have turned it on in the kernel, though.
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
You can check what rules are set up with 'iptables -nL'. I'd say the next thing to do would be to look at the traffic. Do 'tcpdump -i lo' and then run amcheck and see what happens.
tcpdump gives me this:
tcpdump -vv -i lo
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 68 bytes
10:08:27.706802 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 145) royal.inse.lucent.com.798 > royal.inse.lucent.com.amanda: UDP, length: 117
10:08:37.704970 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 145) royal.inse.lucent.com.798 > royal.inse.lucent.com.amanda: UDP, length: 117
10:08:47.706323 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 145) royal.inse.lucent.com.798 > royal.inse.lucent.com.amanda: UDP, length: 117
Additionally I figured out that xinetd logs some stuff in /var/log/auth.log:
Feb 26 10:08:27 royal xinetd[5766]: START: amanda pid=5941 from=152.148.113.221
Feb 26 10:08:27 royal xinetd[5941]: FAIL: amanda address from=152.148.113.221
Feb 26 10:08:37 royal xinetd[5766]: START: amanda pid=5942 from=152.148.113.221
Feb 26 10:08:37 royal xinetd[5942]: FAIL: amanda address from=152.148.113.221
Feb 26 10:08:47 royal xinetd[5766]: START: amanda pid=5943 from=152.148.113.221
Feb 26 10:08:47 royal xinetd[5943]: FAIL: amanda address from=152.148.113.221
Still not very useful though. I have changed the amandad config in xinetd:
service amanda
{
socket_type = dgram
protocol = udp
wait = yes
user = amanda
group = amanda
groups = yes
server = /usr/libexec/amandad
# You need to ensure this points to your Amanda server!
# Don't just remove it!
only_from = royal
disable = no
}
so that wait = no. That just made things worse. Running amandad by hand seems to do the right thing:
sudo -u amanda /usr/libexec/amandad
amandad: error receiving message: timeout
The next thing I will be trying is to run strace on xinetd and see if I can glean any information that way.
Thanks again for all of your help.
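
An added example, not part of the original message: a small parser that pairs each xinetd START entry with the FAIL logged by the child PID it announced (pid=5941 and xinetd[5941] in the excerpt above) and tallies refusals by service, reason and source. `address` is the reason xinetd logs when its address-based access check refuses a client. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import Counter

# First six lines are the auth.log excerpt from the post; the last line is
# constructed to show a START that is not followed by a FAIL.
SAMPLE_LOG = """\
Feb 26 10:08:27 royal xinetd[5766]: START: amanda pid=5941 from=152.148.113.221
Feb 26 10:08:27 royal xinetd[5941]: FAIL: amanda address from=152.148.113.221
Feb 26 10:08:37 royal xinetd[5766]: START: amanda pid=5942 from=152.148.113.221
Feb 26 10:08:37 royal xinetd[5942]: FAIL: amanda address from=152.148.113.221
Feb 26 10:08:47 royal xinetd[5766]: START: amanda pid=5943 from=152.148.113.221
Feb 26 10:08:47 royal xinetd[5943]: FAIL: amanda address from=152.148.113.221
Feb 26 10:09:02 royal xinetd[5766]: START: amanda pid=5950 from=127.0.0.1
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sxinetd\[(?P<logger>\d+)\]:\s"
    r"(?P<kind>START|FAIL):\s(?P<service>\S+)\s(?P<rest>.*)$"
)

def correlate(log_text):
    """Return (refused, not_refused): FAILs paired with their START, and leftover STARTs."""
    starts, refused = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an xinetd START/FAIL entry
        fields = dict(f.split("=", 1) for f in m["rest"].split() if "=" in f)
        if m["kind"] == "START":
            starts[fields.get("pid")] = {"ts": m["ts"], "service": m["service"],
                                         "source": fields.get("from")}
        else:
            reason = (m["rest"].split() or ["?"])[0]  # token after the service id
            start = starts.pop(m["logger"], None)     # FAIL is logged by the child PID
            refused.append({"service": m["service"], "reason": reason,
                            "source": fields.get("from"),
                            "started": start["ts"] if start else None})
    return refused, list(starts.values())

def summarize(log_text):
    """Count refusals per (service, reason, source)."""
    refused, _ = correlate(log_text)
    return Counter((r["service"], r["reason"], r["source"]) for r in refused)

if __name__ == "__main__":
    for (service, reason, source), n in summarize(SAMPLE_LOG).items():
        print(f"{service}: {n} refused, reason={reason}, from={source}")
```

Run against the real /var/log/auth.log, a source that only ever appears with `address` refusals is the address to compare with the service's only_from and the hosts.allow entries.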
