|
|
|
Valid on UNIX
Symptom:
When I start CA Access Control it does not control the first incoming ftp connection from vsftpd. I have created a TCP rule for ftp and a HOST rule for vsftpd, and CA Access Control controls all subsequent incoming ftp connections from vsftpd according to the TCP or HOST rule that I created.
Solution:
If you start vsftpd before you start CA Access Control, vsftpd places a hook in the accept system call for incoming ftp connections. The hook means that vsftpd processes the first incoming ftp connection before CA Access Control can intercept it.
After vsftpd processes the ftp connection it tries to call the accept system call in preparation for the next ftp connection. However, CA Access Control intercepts this system call and hence controls all subsequent ftp connections.
To intercept the first incoming ftp connection, use one of the following workarounds:
Note: For more information about configuring a super-server daemon, contact your OS vendor.
To run the tripAccept utility, you must enable the call_tripAccept_from_seload token in the [SEOS_syscall] section of the seos.ini file. We recommend that you define a SPECIALPGM record for the tripAccept utility before you run it.
| Copyright © 2012 CA. All rights reserved. |
|