Shell script question

Posted on 2005-05-01
Last Modified: 2013-12-15
Hi Guys,

I'm setting up a restricted access server which will only allow access to a list of IP addresses. Here's the xinetd config:

# cat /etc/xinetd.d/vsftp
#xinetd config for vsftpd

service ftp
{
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/vsftpd
        only_from =
        nice = 10
        disable = no
}

I'm also going to have a text file with a list of addresses; it will look something like this:

# cat iplist

What I need to do is write a script that deletes the addresses after "only_from = " and then adds all the addresses from the list. Instead of going to the next line, the addresses will be separated by spaces.

Any ideas?

Question by:justinm99
    LVL 9

    Expert Comment

    How about just using /etc/hosts.allow or /etc/hosts.deny?  You can specify port numbers and IP addresses of hosts that are explicitly allowed or denied.  Just do a "man hosts.allow" to get information on the syntax.
    LVL 8

    Expert Comment

    The best way to restrict access to the server is using iptables.
    For example, to restrict access to ftp.

    You can use shell scripts as:
    iptables -A INPUT -p tcp -m tcp -s --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -s --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -s --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT

    Or, if you want to use the list of addresses in the iplist file, then you could use this script:

    # build one iptables command per line of iplist and run them through sh
    sed -e 's/\(.*\)/iptables -A INPUT -p tcp -m tcp -s \1 --dport 21 -j ACCEPT/' iplist | sh
    iptables -A INPUT -p tcp -m tcp --dport 21 -j REJECT
    LVL 15

    Accepted Solution

    Something like this will do it...

    # join the list onto one line, then edit the only_from line in place with ed
    ips=`cat /tmp/iplist | tr "\r\n" " "`
    ed  /etc/xinetd.d/vsftp  <<  EOF
    /only_from =
    s/=.*$/= ${ips}/p
    w
    q
    EOF

    LVL 2

    Expert Comment


    Another way:

    list=`cat iplist | tr "\r\n" " "`
    cat /etc/xinetd.d/vsftp | sed s/"only_from\s*=.*"/"only_from=$list"/ > /tmp/vsftp.tmp
    mv /tmp/vsftp.tmp /etc/xinetd.d/vsftp
    /etc/init.d/xinetd restart
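
A hardened version of the rewrite discussed in this thread, added here as an example and not code from any of the posters: it validates each list entry before it reaches `only_from` and replaces the file from a temp file created beside it rather than a fixed name in /tmp. The function names, the IPv4-only check and the 644 mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild only_from from an IP list.

# Print the valid entries of list file $1 on one line, separated by spaces.
# Accepts dotted-quad IPv4 with an optional /prefix; anything else is
# reported on stderr and skipped, so stray text never reaches the config.
build_only_from() {
    tr -d '\r' < "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        {
            ip = $1; n = split(ip, p, "/"); ok = (n <= 2)
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) ok = 0
            if (split(p[1], o, ".") != 4) ok = 0
            for (i = 1; i <= 4 && ok; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) out = (out == "" ? ip : out " " ip)
            else print "skipping invalid entry: " $0 > "/dev/stderr"
        }
        END { print out }'
}

# Rewrite the only_from line of xinetd file $1 with the addresses in list $2.
# The temp file is created next to the original with an unpredictable name
# (xinetd ignores includedir files whose names contain a dot) and renamed
# over it, so the service file is never left half-written.
update_only_from() {
    conf=$1
    ips=$(build_only_from "$2") || return 1
    [ -n "$ips" ] || { echo "no valid addresses, $conf unchanged" >&2; return 1; }
    grep -q '^[[:space:]]*only_from[[:space:]]*=' "$conf" ||
        { echo "no only_from line in $conf" >&2; return 1; }
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # ips holds only digits, dots, slashes and spaces: safe for awk -v and sub()
    if awk -v ips="$ips" '
            /^[ \t]*only_from[ \t]*=/ { sub(/=.*/, "= " ips) }
            { print }' "$conf" > "$tmp" &&
       chmod 644 "$tmp" && mv "$tmp" "$conf"   # 644 is an assumed mode
    then return 0
    fi
    rm -f "$tmp"; return 1
}

# Stand-alone use: script.sh /etc/xinetd.d/vsftp iplist
if [ "$#" -eq 2 ]; then update_only_from "$1" "$2"; fi
```

After a successful run, restart xinetd (`/etc/init.d/xinetd restart`, as in the last comment) so the new list takes effect.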

