Thursday, May 20, 2010

Howto: Check if a service supports TCP wrappers

You have added a correct entry to /etc/hosts.allow to let certain clients connect to a certain service, you save the change, and nothing happens!
You recheck the syntax, but everything seems to be just right...
What happened here, and why?
Not all services support TCP wrappers. A daemon only consults /etc/hosts.allow and /etc/hosts.deny if it was built against the libwrap library, so to find out whether it does we query its shared library dependencies with the "ldd" command. Let's take the sshd service as an example:

# ldd `which sshd` | grep -i libwrap
        => /lib64/ (0x00007f04d29fd000)

The presence of libwrap in the ldd output means the service supports TCP wrappers; no output means your hosts.allow entry will never be consulted for it, however correct it is. Two caveats: a statically linked daemon lists no libraries at all in ldd, and a service started from inetd through tcpd, or from xinetd, is wrapped by that parent process rather than by the daemon itself, so check tcpd or xinetd instead. Remember also that the wrapper grants access unless a line in /etc/hosts.deny matches the connection, so an allow entry with no corresponding deny entry restricts nothing.
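As an added example (not code from the original post), the following POSIX shell script wraps the same ldd check so it can be run over several daemons at once and reports the static-binary and not-found cases explicitly. The service names on the command line are only illustrations, and the fallback directories it searches (/usr/sbin, /sbin, /usr/local/sbin) are assumptions about where daemons usually live on a Linux system:

```shell
#!/bin/sh
# Added example, not from the original post: report whether each named
# service binary is linked against libwrap and therefore consults
# /etc/hosts.allow and /etc/hosts.deny.
# Usage: sh wrapcheck.sh sshd vsftpd   (script name and services are examples)

# ldd_links_libwrap: read ldd output on stdin; succeed if a libwrap
# library appears. A statically linked binary makes ldd print
# "not a dynamic executable", which correctly yields "no".
ldd_links_libwrap() {
    grep -q 'libwrap\.so'
}

# service_supports_wrappers NAME: resolve NAME on PATH, falling back to
# the usual daemon directories (assumed; they are not on a normal user's
# PATH), run ldd and print a verdict.
# Returns 0 = wrapped, 1 = not wrapped, 2 = binary not found.
service_supports_wrappers() {
    bin=$(command -v "$1" 2>/dev/null) || bin=
    if [ -z "$bin" ]; then
        for dir in /usr/sbin /sbin /usr/local/sbin; do
            if [ -x "$dir/$1" ]; then bin="$dir/$1"; break; fi
        done
    fi
    if [ -z "$bin" ]; then
        echo "$1: binary not found" >&2
        return 2
    fi
    if ldd "$bin" 2>/dev/null | ldd_links_libwrap; then
        echo "$1 ($bin): linked with libwrap, hosts.allow/hosts.deny apply"
        return 0
    fi
    echo "$1 ($bin): no libwrap, hosts.allow/hosts.deny are ignored"
    return 1
}

# Check every service named on the command line; keep going on failures.
for svc in "$@"; do
    service_supports_wrappers "$svc" || :
done
```

The exit code makes the check usable from other scripts: a configuration audit can run it over the daemons listed in /etc/hosts.allow and flag any entry whose daemon returns 1, since that entry is dead configuration.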

Thursday, May 6, 2010

Quick Howto:Linux DHCP

The DHCP service hands out host IP addresses dynamically, which is useful for desktops, notebooks and any other mobile IP-based device.
A Linux DHCP server (ISC dhcpd v3) is relatively easy to configure; the main configuration file is:


The brief configuration of a subnet will look like this (a range statement inside the block, giving the pool of addresses to hand out, is also needed before dhcpd will serve dynamic clients on that subnet):

subnet netmask {

        option subnet-mask;
        option broadcast-address;
        option routers;
}

The DHCP protocol has a vast number of options that it can pass to clients to configure them correctly. Some of the most important are shown in the following example:
default-lease-time 21600;
max-lease-time 43200;
option subnet-mask;
option broadcast-address;
option routers;
option domain-name-servers,;
option domain-name "";
option ntp-servers;

Most of these should be self-explanatory. The lease times are in seconds. default-lease-time (21600, 6 hours) is the lease length the server grants when the client does not ask for a specific one; max-lease-time (43200, 12 hours) caps what a client may request, so no client is ever granted a lease longer than that. A client normally tries to renew halfway through its lease; if the lease expires without a renewal, the client must stop using the address and start over with a fresh discover.

To give a particular machine a permanent IP address (useful for servers, printers etc.), add a host declaration keyed on its MAC address; a fixed-address statement inside the block supplies the address, which should lie outside any dynamic range:

host chronos {
                hardware ethernet d8:50:2b:4c:a3:82;
}
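Here is a complete, minimal dhcpd v3 configuration of the kind the fragments above come from, added here as an example that is not part of the original post. Every address, domain name and pool in it is made up (192.0.2.0/24 is a documentation range) and must be replaced with your own; only the reservation MAC is the one used above.

```conf
# Added example, not from the original post. All values are constructed.
ddns-update-style none;        # required in dhcpd v3; no dynamic DNS updates
authoritative;                 # this server owns these subnets: NAK bogus requests

default-lease-time 21600;      # 6 h lease when the client does not ask for one
max-lease-time 43200;          # never grant more than 12 h even if asked

option domain-name "example.net";
option domain-name-servers 192.0.2.2, 192.0.2.3;
option ntp-servers 192.0.2.4;

subnet 192.0.2.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.0.2.255;
        option routers 192.0.2.1;
        range 192.0.2.100 192.0.2.200;   # pool handed to ordinary clients
}

# Reservation: this host always gets the same address, outside the pool.
host chronos {
        hardware ethernet d8:50:2b:4c:a3:82;
        fixed-address 192.0.2.20;
}
```

The authoritative statement matters on a network you control: without it dhcpd stays silent when a client asks to renew an address it does not know about, instead of sending a NAK that makes the client start over. If a subnet should serve only the machines you have declared, drop the range statement and add deny unknown-clients; inside the subnet block, so that a stranger plugging in gets no address at all.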
When dhcpd is running it records every lease it grants in the file:

The leases file contains the active leases of the current client hosts together with their details: lease start and end time (in UTC, preceded by the day of the week), the MAC address and the hostname of the client:

lease {
 starts 2 2010/04/01 20:07:05;
 ends 3 2010/04/02 08:07:05;
 hardware ethernet 00:00:e8:4a:2c:5c;
 uid 01:00:00:e8:4c:5d:31;
 client-hostname "shiva01";
}

dhcpd appends a new record each time a lease changes and rewrites the file periodically, so the last record for an address is the current one; do not edit the file by hand while the server is running.
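As an added example rather than part of the original post, this POSIX shell script (awk-based) reads a dhcpd.leases file and prints only the leases still valid at a given instant, taking the last record for each address because dhcpd appends rather than overwrites. The embedded leases excerpt is constructed for the demonstration; its addresses, MACs and hostnames are made up.

```shell
#!/bin/sh
# Added example, not from the original post: list the leases in a
# dhcpd.leases file that are still valid at a given instant. Times in
# the leases file are UTC in the form "<weekday> YYYY/MM/DD HH:MM:SS",
# so fixed-width date strings can be compared lexically.

# active_leases NOW [FILE...]: print "ip mac hostname ends" for each
# lease whose end time is after NOW (UTC "YYYY/MM/DD HH:MM:SS").
# dhcpd appends a fresh record every time a lease changes, so the last
# record seen for an address is the current one; older ones are dropped.
# "ends never;" (a lease with no expiry) is treated as always valid.
active_leases() {
    now=$1; shift
    awk -v now="$now" '
        /^lease / { ip = $2; ends[ip] = ""; mac[ip] = ""; host[ip] = "" }
        /^[ \t]*ends / {
            sub(/;$/, "")
            ends[ip] = ($2 == "never") ? "9999/99/99 99:99:99" : $3 " " $4
        }
        /^[ \t]*hardware ethernet / { sub(/;$/, ""); mac[ip] = $3 }
        /^[ \t]*client-hostname /   { sub(/;$/, ""); gsub(/"/, ""); host[ip] = $2 }
        END {
            for (ip in ends)
                if (ends[ip] > now)
                    print ip, mac[ip], (host[ip] == "" ? "-" : host[ip]), ends[ip]
        }' "$@" | sort
}

# sample_leases: a constructed dhcpd.leases excerpt (addresses from the
# 192.0.2.0/24 documentation range, MACs and names invented).
# 192.0.2.11 appears twice: the second record is a renewal that
# supersedes the first, and 192.0.2.12 expired days ago.
sample_leases() {
    cat <<'EOF'
lease 192.0.2.10 {
  starts 4 2010/04/01 20:07:05;
  ends 5 2010/04/02 08:07:05;
  hardware ethernet 00:00:e8:4a:2c:5c;
  uid 01:00:00:e8:4c:5d:31;
  client-hostname "shiva01";
}
lease 192.0.2.11 {
  starts 4 2010/04/01 10:00:00;
  ends 4 2010/04/01 16:00:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "notebook7";
}
lease 192.0.2.11 {
  starts 4 2010/04/01 15:30:00;
  ends 5 2010/04/02 03:30:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "notebook7";
}
lease 192.0.2.12 {
  starts 1 2010/03/29 08:00:00;
  ends 1 2010/03/29 20:00:00;
  hardware ethernet aa:bb:cc:dd:ee:ff;
  client-hostname "visitor";
}
EOF
}

# With file arguments: report the leases valid right now (UTC).
# Without arguments: run against the constructed sample at a fixed instant.
if [ $# -gt 0 ]; then
    active_leases "$(date -u '+%Y/%m/%d %H:%M:%S')" "$@"
else
    sample_leases | active_leases "2010/04/01 21:00:00"
fi
```

Run without arguments it prints two lines, shiva01 and the renewed notebook7 lease, and omits the expired visitor. Pointed at the real leases file it gives a quick picture of who currently holds an address, which is what you want when an unknown MAC shows up in the file or when checking that a reservation is actually being honoured rather than handed out from the dynamic pool.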
When the configuration is complete, test it with "dhcpd -t" (on Red Hat style systems "service dhcpd configtest" runs the same check) before restarting the daemon, so a syntax error does not leave the network without a DHCP server.

Please note -

1. The DHCP server listens on UDP port 67 (clients send from UDP port 68 and receive replies there), so be sure to allow inbound UDP/67 in the firewall on the server.

2. DHCP requests are broadcasts and do not cross routers. When they must be forwarded over routers (which happens a lot in enterprise environments), a relay must be configured on the router interface facing the clients; the router then forwards the request as unicast to the server with its own interface address as the relay address, so dhcpd also needs a subnet declaration matching that network or it will ignore the request.
On Cisco IOS the option is called "ip helper-address" and it is entered in interface configuration mode like this:
ip helper-address <address-of-dhcp-server>