Shell script question

Hi Guys,

I'm setting up a restricted-access server which will only allow access to a list of IP addresses. Here's the xinetd config:

# cat /etc/xinetd.d/vsftp
#xinetd config for vsftpd

service ftp
{
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/vsftpd
        only_from = 192.168.2.1 192.168.2.99
        nice = 10
        disable = no
}

I'm also going to have a text file with a list of addresses; it will look something like this:

# cat iplist
192.168.2.1
192.168.2.99
192.168.2.100

What I need to do is write a script that deletes the addresses after "only_from = " and then adds all the addresses from the list; instead of each one going on its own line, the addresses will be separated by spaces.

Any ideas?

Thanks!
justinm99Asked:
veedarCommented:
Something like this will do it...

# Join the list into one space-separated string (tr also turns any CR from
# DOS line endings into a space, so a file saved on Windows still works)
ips=`cat /tmp/iplist | tr "\r\n" " "`
# Let ed locate the only_from line and replace everything after the "=" with
# the new list; "p" prints the changed line, "w" writes the file back, "q" quits
ed  /etc/xinetd.d/vsftp  <<  EOF
/only_from =
s/=.*$/= ${ips}/p
w
q
EOF


kfullartonCommented:
How about just using /etc/hosts.allow or /etc/hosts.deny?  You can specify port numbers and IP addresses of hosts that are explicitly allowed or denied.  Just do a "man hosts.allow" to get information on the syntax.
marxyCommented:
The best way to restrict access to a server is using iptables.
For example, to restrict access to ftp.

You can use shell scripts as:
# FTP control connections arrive on TCP port 21 (port 25 is SMTP)
iptables -A INPUT -p tcp -m tcp -s 192.168.2.1 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.2.99 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.2.100 --dport 21 -j ACCEPT
# everything else is rejected; the ACCEPT rules must be appended before this one
iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT

Or, if you want to use the list of addresses in the iplist file, then you could use this script:

# Run one iptables command per address. Reading the file in a loop and passing
# each address as an argument avoids building command lines out of file contents
# (the original backtick form would have run all generated lines as one command).
while read ip; do
    iptables -A INPUT -p tcp -m tcp -s "$ip" --dport 21 -j ACCEPT
done < iplist
iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT
sekargopiCommented:

another way

list=`cat iplist | tr "\r\n" " "`
cat /etc/xinetd.d/vsftp | sed s/"only_from\s*=.*"/"only_from=$list"/ > /tmp/vsftp.tmp
mv /tmp/vsftp.tmp /etc/xinetd.d/vsftp
/etc/init.d/xinetd restart

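A more defensive version of the rewrite that the two answers above perform, added here as an example and not posted by anyone in the thread: it accepts only well-formed IPv4 addresses from the list file (so a stray line in iplist cannot be copied into the xinetd configuration), leaves every other line of the service file untouched, and keeps the file's original owner and mode. The function names, the temp-file naming and the inline sample inputs are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: iplist holds one
# address per line (CRLF tolerated, "#" comments allowed) and the xinetd
# service file has a single "only_from = ..." line, as in the question.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    set -- $(printf '%s' "$1" | tr '.' ' ')   # split into octets
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the valid addresses from the list file, space-separated on one line.
# Anything that is not an IPv4 address is reported and left out, so a stray
# line in iplist cannot end up in the xinetd configuration.
build_only_from() {
    list=""
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "$line" | tr -d '\r' | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            list="$list${list:+ }$ip"
        else
            echo "iplist: skipping invalid entry: $line" >&2
        fi
    done < "$1"
    printf '%s\n' "$list"
}

# Replace the value of the only_from line in $1 with $2, leaving indentation
# and every other line untouched. Writing back with cat (rather than mv from
# /tmp) keeps the file's original owner and mode.
update_only_from() {
    conf=$1
    tmp="$conf.tmp.$$"
    sed "s|^\([[:space:]]*only_from[[:space:]]*=\).*|\1 $2|" "$conf" > "$tmp" \
        && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: ips=$(build_only_from iplist) && update_only_from /etc/xinetd.d/vsftp "$ips"
# then reload xinetd (e.g. /etc/init.d/xinetd restart) so the change takes effect.
```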