服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 无法使用tftp备份Ciscoconfiguration
Intereting Posts
networking基础知识 Exchange Server 2010 + OWA + ICS订阅 nagios check_http在cmdline上返回200,在web ui中返回404 服务器证书在Mac Safari OS中不被接受 应该在哪里存储SSH密钥文件以符合FHS要求? 为什么Apache会响应http:// machineName networking电视服务器…专用? Exchange 2007将内部邮件路由到外部服务器 FreeBSD – 监视各个本地networking设备的总带宽 从SQL Server 2008升级到SQL Server 2008 R2时出错 Windows如何在没有“IPSec ID”(组ID)的情况下build立L2TP / IPSEC VPN连接? 使用PowerShell的Hyper-V vSwitch IP FreeNAS + ZFS的冗余池? ISPConfiglogin与Firefox兼容,但不适用于Chrome `yum升级git` centos

无法使用tftp备份Ciscoconfiguration

我得到以下错误: 

SW-AL710-1#copy running-config tftp: Address or name of remote host []? 10.0.1.130 Destination filename [sw-al710-1-confg]? %Error opening tftp://10.0.1.130/sw-al710-1-confg (Timed out)

这是我的configuration: 

 more /etc/xinetd.d/tftp socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /var/lib/tftpboot -vvv disable = no per_source = 11 cps = 100 2 flags = IPv4

我的tftp服务器运行: 

 ps ax | grep tftp 2532 ? Ss 0:00 in.tftpd -s /var/lib/tftpboot -vvv

我的xinetd也运行 

 service xinetd status xinetd (pid 2483) is running... netstat -unlp | grep xinetd udp 0 0 0.0.0.0:69 0.0.0.0:* 2483/xinetd

所需的configuration文件是在它的地方: 

 ls -lZ /var/lib/tftpboot/ -rwxrwxrwx. root root unconfined_u:object_r:tftpdir_rw_t:s0 sw-al710-1-confg

权限和其他设置似乎是正确的: 

  chkconfig --list | grep tftp tftp: on ls -lad /var/lib/tftpboot/ drwxrwxrwx. 2 root root 4096 Feb 13 12:31 /var/lib/tftpboot/ getsebool -a | grep -i tftp tftp_anon_write --> on

用tcpdumptesting连接,我得到thw下面的输出: 

 tcpdump port 69 -vv tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes 12:34:42.400626 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 53) 10.0.1.223.60291 > NOC1.tftp: [udp sum ok] 25 WRQ "sw-al710-1-confg" octet 12:34:46.394984 IP (tos 0x0, ttl 255, id 1, offset 0, flags [none], proto UDP (17), length 53) 10.0.1.223.60291 > NOC1.tftp: [udp sum ok] 25 WRQ "sw-al710-1-confg" octet more /etc/hosts.allow # hosts.allow This file contains access rules which are used to # allow or deny connections to network services that # either use the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # more /etc/hosts.deny # # hosts.deny This file contains access rules which are used to # deny connections to network services that either use # the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # The rules in this file can also be set up in # /etc/hosts.allow with a 'deny' option instead. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers

audit.log 

 type=AVC msg=audit(1488191076.406:200525): avc: denied { write } for pid=22689 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file type=AVC msg=audit(1488191076.406:200525): avc: denied { open } for pid=22689 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1488191076.406:200525): arch=c000003e syscall=2 success=yes exit=1 a0=608e22 a1=241 a2=1b6 a3=4000 items=0 ppid=22509 pid=22689 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1488191076.406:200526): avc: denied { getattr } for pid=22689 comm="in.tftpd" path="/config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1488191076.406:200526): arch=c000003e syscall=5 success=yes exit=0 a0=1 a1=7fffbd7827b0 a2=7fffbd7827b0 a3=4000 items=0 ppid=22509 pid=22689 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1488191355.130:200527): avc: denied { write } for pid=22726 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tftpdir_t:s0 tclass=file type=SYSCALL msg=audit(1488191355.130:200527): arch=c000003e syscall=2 success=yes exit=1 a0=608e22 a1=241 a2=1b6 a3=4000 items=0 ppid=22509 pid=22726 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null)

可能是什么原因,如何解决?