I am working on a Sol. Sec. Toolkit profile to comply with a customer requirement. I'm learning a lot but confused a bit by TCP wrappers configuration.
I read Glenn Brunette's paper at: http://www.sun.com/bigadmin/content/submitted/tcp_wrap_solaris10.html

After running the toolkit with the enable-tcpwrappers.fin script enabled, I'm getting conflicting information from my Solaris 10 11/06 system:

# inetadm -p |grep tcp
tcp_trace=TRUE
tcp_wrappers=TRUE
# svcprop inetd |grep tcp
defaults/tcp_trace boolean false
defaults/tcp_wrappers boolean false
# svcprop network/inetd|grep tcp
defaults/tcp_trace boolean true
defaults/tcp_wrappers boolean true

Which answer is correct? Why is there a different answer for network/inetd than for inetd?

As additional information, svcprop reports wildly different fields for the two services.

sr1-uvnn06-01% svcprop network/inetd
defaults/bind_addr astring ""
defaults/bind_fail_interval integer -1
defaults/bind_fail_max integer -1
defaults/con_rate_offline integer -1
defaults/failrate_cnt integer 40
defaults/failrate_interval integer 60
defaults/inherit_env boolean true
defaults/max_con_rate integer -1
defaults/max_copies integer -1
defaults/stability astring Evolving
defaults/tcp_trace boolean true
defaults/tcp_wrappers boolean true
loopback/entities fmri svc:/network/loopback
loopback/grouping astring require_any
loopback/restart_on astring error
loopback/type astring service
filesystem/entities fmri svc:/system/filesystem/local
filesystem/grouping astring require_all
filesystem/restart_on astring error
filesystem/type astring service
network/entities fmri svc:/milestone/network
network/grouping astring optional_all
network/restart_on astring error
network/type astring service
rpc/entities fmri svc:/network/rpc/bind
rpc/grouping astring optional_all
rpc/restart_on astring error
rpc/type astring service
upgrade/entities fmri svc:/network/inetd-upgrade
upgrade/grouping astring optional_all
upgrade/restart_on astring none
upgrade/type astring service
milestones/entities fmri svc:/milestone/sysconfig svc:/milestone/name-services
milestones/grouping astring require_all
milestones/restart_on astring none
milestones/type astring service
general/entity_stability astring Unstable
general/single_instance boolean true
dependents/inetd_multi-user astring svc:/milestone/multi-user
stop/exec astring /usr/lib/inet/inetd\ %m
stop/timeout_seconds count 60
stop/type astring method
start/exec astring /usr/lib/inet/inetd\ %m
start/timeout_seconds count 60
start/type astring method
refresh/exec astring /usr/lib/inet/inetd\ %m
refresh/timeout_seconds count 60
refresh/type astring method
tm_common_name/C ustring inetd
tm_description/C ustring inetd\ provides\ listening\ and\ spawning\ services\ for\ registered\ Internet\ services.
tm_man_inetd/manpath astring /usr/share/man
tm_man_inetd/section astring 1M
tm_man_inetd/title astring inetd

sr1-uvnn06-01% svcprop inetd
hash/md5sum astring 2968464c0a1ae43ddb5ace9714b3c60b
general/enabled boolean true
general/entity_stability astring Unstable
general/single_instance boolean true
defaults/tcp_trace boolean true
loopback/entities fmri svc:/network/loopback
loopback/grouping astring require_any
loopback/restart_on astring error
loopback/type astring service
filesystem/entities fmri svc:/system/filesystem/local
filesystem/grouping astring require_all
filesystem/restart_on astring error
filesystem/type astring service
network/entities fmri svc:/milestone/network
network/grouping astring optional_all
network/restart_on astring error
network/type astring service
rpc/entities fmri svc:/network/rpc/bind
rpc/grouping astring optional_all
rpc/restart_on astring error
rpc/type astring service
upgrade/entities fmri svc:/network/inetd-upgrade
upgrade/grouping astring optional_all
upgrade/restart_on astring none
upgrade/type astring service
milestones/entities fmri svc:/milestone/sysconfig svc:/milestone/name-services
milestones/grouping astring require_all
milestones/restart_on astring none
milestones/type astring service
dependents/inetd_multi-user astring svc:/milestone/multi-user
stop/exec astring /usr/lib/inet/inetd\ %m
stop/timeout_seconds count 60
stop/type astring method
start/exec astring /usr/lib/inet/inetd\ %m
start/timeout_seconds count 60
start/type astring method
refresh/exec astring /usr/lib/inet/inetd\ %m
refresh/timeout_seconds count 60
refresh/type astring method
tm_common_name/C ustring inetd
tm_description/C ustring inetd\ provides\ listening\ and\ spawning\ services\ for\ registered\ Internet\ services.
tm_man_inetd/manpath astring /usr/share/man
tm_man_inetd/section astring 1M
tm_man_inetd/title astring inetd
restarter/logfile astring /var/svc/log/network-inetd:default.log
restarter/contract count 53
restarter/start_pid count 987
restarter/start_method_timestamp time 1163046929.446837000
restarter/start_method_waitstatus integer 0
restarter/auxiliary_state astring none
restarter/next_state astring none
restarter/state astring online
restarter/state_timestamp time 1163046929.453431000
restarter_actions/refresh integer

This message posted from opensolaris.org