SSH and msec level 4 - MDK 10.0
man mseclib
authorize_services(arg)
Authorize all services controlled by tcp_wrappers (see
hosts.deny(5)) if arg = ALL. Only local ones if arg = LOCAL and
none if arg = NONE. To authorize the services you need, use
/etc/hosts.allow (see hosts.allow(5)).
hehe finally found it... took forever. was mad cause msec kept killing my hosts.allow. sshd needs to be a listsed service in hosts.allow
root@widmer msec]# cat /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd:ALL
[root@widmer msec]# cat /etc/security/msec/level.local
allow_root_login (no)
authorize_services (ALL)
Now msec will not overwrite /etc/hosts.allow
-gabe w
screw the caps!
Last edited by gabedude; 09-21-2004 at 11:31 AM.
|