Valid on UNIX
Symptom:
When I start CA ControlMinder it does not control the first incoming ftp connection from vsftpd. I have created a TCP rule for ftp and a HOST rule for vsftpd, and CA ControlMinder controls all subsequent incoming ftp connections from vsftpd according to the TCP or HOST rule that I created.
Solution:
If you start vsftpd before you start CA ControlMinder, vsftpd places a hook in the accept system call for incoming ftp connections. The hook means that vsftpd processes the first incoming ftp connection before CA ControlMinder can intercept it.
After vsftpd processes the ftp connection it tries to call the accept system call in preparation for the next ftp connection. However, CA ControlMinder intercepts this system call and hence controls all subsequent ftp connections.
To intercept the first incoming ftp connection, use one of the following workarounds:
Note: For more information about configuring a super-server daemon, contact your OS vendor.
To run the tripAccept utility, you must enable the call_tripAccept_from_seload token in the [SEOS_syscall] section of the seos.ini file. We recommend that you define a SPECIALPGM record for the tripAccept utility before you run it.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|