Re: Using editfiles for TCP wrappers in inetd.conf
From: Chip Seraphine
Subject: Re: Using editfiles for TCP wrappers in inetd.conf
Date: Mon, 08 Sep 2003 16:37:18 -0500
User-agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.2.1) Gecko/20030721

Ferguson, Steve wrote:

> I'm trying to define a convergent policy with cfengine to replace field 6 in
> inetd.conf with /path/to/tcpd for all tcp-based services. I'm curious to
> see how others are approaching (or would approach) this without resorting to
> an external script to make the edits.

Well, editfiles is great at adding/removing lines, but it is not strong
at doing conditional editing within a line.
I ended up doing something like this:

    use_inetd::
      { /etc/inetd.conf
        SetCommentStart "#"
        PrependIfNoSuchLine "## $(notice_edit)"

        #Ixnay on the cp6tay. Delete all uncommented v6 lines so we don't
        #have to worry about them in later pattern matches.
        DeleteLinesMatching "^[^\#]+$(s)(ud|tc)p6$(s).*$"

        #Hostinfo is a local service that goes on all inetd.conf hosts
        BeginGroupIfDefined "hostinfo_ok"
          SetLine "hostinfo stream tcp nowait root /opt/bin/hostinfo hostinfo"
          AppendIfNoLineMatching "^.*hostinfo$(w)hostinfo$(s)*$"
          UnCommentLinesMatching "^.*hostinfo$(w)hostinfo$(s)*$"
        EndGroup
        BeginGroupIfNotDefined "hostinfo_ok"
          CommentLinesMatching "^.*hostinfo$(w)hostinfo$(s).*$"
        EndGroup

        BeginGroupIfDefined "comsat_ok"
          SetLine "comsat dgram udp wait root /usr/sbin/tcpd in.comsat"
          AppendIfNoLineMatching "^[\#[:space:]]*comsat$(w)in.comsat$(s)*$"
          UnCommentLinesMatching "^[\#[:space:]]*comsat$(w)in.comsat$(s)*$"
        EndGroup

... ad nauseam for all the services of interest. It was tedious as hell
to set up the first time, but now I can just define groups like:

    finger_ok = ( host1 host2 @lab2_netgroup -lab2_masterhost )

...and turn services on and off everywhere.
At the end of the block I define a class called "hup_inetd", which
triggers an action in the processes: section that hup's inetd (logically
enough :-)
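
Added example, not part of the original post and not cfengine code: a small Python sketch of the convergent field-6 rewrite asked about above, which reports what it changed so inetd is only HUP'd when needed. The sample file is constructed, the wrapper path /usr/sbin/tcpd is assumed from the comsat line in the post, and the function names are hypothetical.

```python
import re

TCPD = "/usr/sbin/tcpd"  # assumed wrapper path, as in the comsat line above

# Constructed sample inetd.conf, not taken from a real host.
SAMPLE = """\
ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/in.ftpd\tin.ftpd -l
telnet\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.telnetd
#finger\tstream\ttcp\tnowait\tnobody\t/usr/sbin/in.fingerd\tin.fingerd
echo\tstream\ttcp\tnowait\troot\tinternal
comsat\tdgram\tudp\twait\troot\t/usr/sbin/in.comsat\tin.comsat
"""


def wrap_line(line, tcpd=TCPD):
    """Return the line with field 6 set to tcpd if it is an active TCP service."""
    body = line.rstrip("\n")
    if not body.strip() or body.lstrip().startswith("#"):
        return line  # blank or commented-out entries are left alone
    # Split but keep the whitespace runs, so untouched columns stay as they were.
    parts = re.split(r"(\s+)", body.strip())
    fields = parts[0::2]
    if len(fields) < 6:
        return line  # not a service entry
    proto, server = fields[2], fields[5]
    # Exact match on the protocol: udp and rpc/tcp entries are not touched.
    if proto not in ("tcp", "tcp6") or server in ("internal", tcpd):
        return line  # out of scope, built into inetd, or already wrapped
    # tcpd runs the daemon named by argv[0] (field 7), so that field is kept.
    parts[10] = tcpd  # fields sit at even indexes, field 6 is parts[10]
    return "".join(parts) + ("\n" if line.endswith("\n") else "")


def converge(text, tcpd=TCPD):
    """Rewrite every line; return (new_text, names of services changed)."""
    out, changed = [], []
    for line in text.splitlines(keepends=True):
        new = wrap_line(line, tcpd)
        if new != line:
            changed.append(line.split()[0])
        out.append(new)
    return "".join(out), changed


if __name__ == "__main__":
    new_text, changed = converge(SAMPLE)
    print(new_text, end="")
    print("services rewritten (HUP inetd only if non-empty):", changed)
```

Running converge() on its own output changes nothing, which is the convergence property the editfiles approach gets from its IfNoLineMatching guards.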