Hylafax Mailing List Archives

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [hylafax-users] some general security hints?



Hi, I found an answer to my own question :)

> Is there a way to make hfaxd authenticate
> against an identd (113/tcp) username rather than against the one delivered
> in protocol? I could do it with tcp_wrappers, but I don't know how to wrap
> hfaxd. Any hints?

Here's my /etc/xinetd.d/hylafax file (for use with xinetd):

service hylafax
{
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/hfaxd
        server_args             = -d
        log_on_success  += HOST DURATION USERID
        log_on_failure  += HOST USERID
        disable                 = no
}

Make sure that you have identd running (port 113) and then put the following
line into hosts.allow:

hfaxd: root@xxxxxxxxx

and this one into hosts.deny:

hfaxd:ALL

This way only the root user will be able to connect to hfaxd, for example in
order to submit a fax. Tested on Redhat Linux 9.


regards,

Michal Rok


____________________ HylaFAX(tm) Users Mailing List _______________________
  To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
 On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
  *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*



Home
Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services