Matthias Šubik wrote:
> hi,
> first of all brute force or dictionary attack, but I haven't seen a
> brute force attack on usernames for a long time now ... (not even
> script kiddies are that dumb).
>
> second: I don't know how it is compiled, but I suggest if you are
> vaguely familiar with the process of compiling, download the src.rpm
> of openssh and look at the configure line, if there is nothing
> helpful, unpack and ./configure the tarball from the src.rpm yourself,
> when you find the switch, make a bugzilla entry on bugs.trustix.org,
> asking for aktivation of that switch for the compile of the distro
> package.
>
> if it is (or should be) compiled with tcp_wrappers support it is even
> more important that you find the bug, b/c there might be others
> relying on tcp_wrappers to work in that package.
>
> matthias
>
Hey
Here are the important bits out of the .spec file:
BuildRequires: perl, openssl-devel, tcp_wrappers
./configure --prefix=/usr \
--sysconfdir=/etc/ssh \
--mandir=%{_mandir}\
--with-tcp-wrappers \
--with-ipv4-default \
--infodir=/usr/share/info \
--libexecdir=/usr/libexec/ssh \
--with-pam \
--with-lastlog=/var/log/lastlog \
--with-privsep-path=/var/cache/openssh/empty
So it would appear to be built with tcp_wrappers support. I guess i just
have to activate it somehow.
Reading around suggests I have to modify the way inetd launches the sshd
service.
Any ideas?
thanks
Dunc
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
