Solved

Shell script question

Posted on 2005-05-01
276 Views
Last Modified: 2013-12-15
Hi Guys,

I'm setting up a restricted access server which will only allow access to a list of ip addresses. Here's the xinetd config:

# cat /etc/xinetd.d/vsftp
#xinetd config for vsftpd

service ftp
{
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/vsftpd
        only_from = 192.168.2.1 192.168.2.99
        nice = 10
        disable = no
}

I'm also going to have a text file with a list of addresses, it will look something like this:

# cat iplist
192.168.2.1
192.168.2.99
192.168.2.100

What I need to do is write a script that deletes the addresses after "only_from = " and then adds all the addresses from the list; instead of going to the next line, the addresses will be separated by spaces.

Any ideas?

Thanks!
Question by:justinm99
4 Comments
 
LVL 9

Expert Comment

by:kfullarton
ID: 13908686
How about just using /etc/hosts.allow or /etc/hosts.deny?  You can specify port numbers and IP addresses of hosts that are explicitly allowed or denied.  Just do a "man hosts.allow" to get information on the syntax.
 
LVL 8

Expert Comment

by:marxy
ID: 13908724
The best way to restrict access to a server is using iptables.
For example, to restrict access to ftp.

You can use a shell script such as:
# the FTP control connection is TCP port 21: accept the listed hosts, reject everyone else
iptables -A INPUT -p tcp -m tcp -s 192.168.2.1 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.2.99 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.2.100 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT

Or, if you want to use the list of addresses in the iplist file, you could use this script:

# emit one ACCEPT rule per address in iplist (skipping blank lines), run the generated commands, then reject the rest
sed -e '/./!d' -e 's/\(.*\)/iptables -A INPUT -p tcp -m tcp -s \1 --dport 21 -j ACCEPT/' iplist | sh
iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT
 
LVL 15

Accepted Solution

by: veedar (earned 1200 total points)
ID: 13908735
Something like this will do it...

# join the list into one space-separated string (tr also drops CR line endings)
ips=`cat /tmp/iplist | tr "\r\n" " "`
# find the only_from line and replace everything after "=" with the list, then save
ed /etc/xinetd.d/vsftp << EOF
/only_from =
s/=.*$/= ${ips}/p
w
q
EOF


 
LVL 2

Expert Comment

by:sekargopi
ID: 13916248

Another way:

# join the list into one space-separated string
list=`cat iplist | tr "\r\n" " "`
# GNU sed: \s matches whitespace; rewrite the whole only_from line
sed "s/only_from\s*=.*/only_from = $list/" /etc/xinetd.d/vsftp > /etc/xinetd.d/vsftp.tmp
# the temp file sits next to the target (not in world-writable /tmp), so the mv is a same-filesystem atomic replace
mv /etc/xinetd.d/vsftp.tmp /etc/xinetd.d/vsftp
/etc/init.d/xinetd restart

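The ed and sed one-liners above both copy whatever is in iplist straight into the xinetd config. The script below is an added example, not code from any of the posts in this thread: it does the same only_from rewrite, but first checks that every list entry is a dotted-quad IPv4 address (optionally with a /prefix), drops blank lines, comments and CR line endings, refuses to touch the config if any entry is rejected, and replaces the file atomically. The file paths, the `--apply` flag and the `/etc/init.d/xinetd reload` command are assumptions; the config and list layout are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild the "only_from =" line of an
# xinetd service file from a one-address-per-line list, validating each entry.
# Paths and the reload command below are assumptions.

# valid_ip ADDR: succeed only if ADDR is a.b.c.d or a.b.c.d/nn with each octet
# 0-255 and nn 0-32. Hostnames and stray shell characters are rejected, so a
# bad list line can never end up inside the xinetd config.
valid_ip() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;          # empty, or a char other than digit . /
    esac
    addr=${1%%/*}                           # part before the first slash
    prefix=${1#"$addr"}                     # "/nn" or empty
    case "$prefix" in
        '') ;;                              # no prefix given
        /|/*[!0-9]*) return 1 ;;            # bare slash, or a second slash
        *) [ "${prefix#/}" -le 32 ] || return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr                            # split the address into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_only_from LISTFILE: print one "only_from = a b c" line built from
# LISTFILE. Fails, printing nothing on stdout, if the list is empty or any
# entry does not pass valid_ip.
build_only_from() {
    out=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                # strip a trailing comment
        line=$(printf '%s' "$line" | tr -d '[:space:]') # strip blanks and \r
        [ -n "$line" ] || continue
        if ! valid_ip "$line"; then
            printf 'rejected entry in %s: %s\n' "$1" "$line" >&2
            return 1
        fi
        out="$out${out:+ }$line"                        # space-separated, as xinetd wants
    done < "$1"
    [ -n "$out" ] || return 1
    printf 'only_from = %s\n' "$out"
}

# update_xinetd CONF LISTFILE: replace the only_from line in CONF, keeping its
# indentation, through a temp file next to CONF so the final mv is atomic and
# the original is left untouched on any failure.
update_xinetd() {
    conf=$1
    grep -q '^[[:space:]]*only_from[[:space:]]*=' "$conf" || {
        printf 'no only_from line in %s\n' "$conf" >&2; return 1; }
    newline=$(build_only_from "$2") || return 1
    tmp="$conf.tmp.$$"
    cp -p "$conf" "$tmp" || return 1                    # keep mode and ownership
    sed "s|^\([[:space:]]*\)only_from[[:space:]]*=.*|\1$newline|" "$conf" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    mv "$tmp" "$conf"
}

# Stand-alone use (assumed invocation):
#   sh update_only_from.sh --apply /etc/xinetd.d/vsftp /root/iplist
# xinetd re-reads its configuration on SIGHUP; the init script name is an assumption.
if [ "${1-}" = "--apply" ]; then
    update_xinetd "$2" "$3" && /etc/init.d/xinetd reload
fi
```

Because the only_from value is built only from entries that passed valid_ip, a typo or an unexpected line in iplist produces an error and an unchanged config rather than a service file that xinetd rejects or that opens access more widely than intended.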
